Colonial Pipeline Ransomware Attack
The operator of the nation’s largest fuel pipeline confirmed it paid $4.4m to a gang of hackers who broke into its computer systems.
The FBI discourages making ransom payments to ransomware attackers, because paying encourages criminal networks around the globe who have hit thousands of businesses and health care systems in the US in past year alone. But many victims of ransomware attacks where hackers demand large sums for data decryption or prevention from being released online decide it's worth spending money even if incentivizing criminals whom are already wreaking havoc across America.
Joseph Blount, Colonial Pipeline’s CEO, told the Wall Street Journal he authorized the payment because the company didn’t know the extent of the damage and wasn’t sure how long it would take to bring the pipeline’s systems back.
“I know that’s a highly controversial decision,” Blount said. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this. But it was the right thing to do for the country,” he said.
Cybersecurity Law Passed in Texas
There have been numerous local and national measures that have been fueled by the ransomware attack on the Colonial Pipeline.
Texas Governor, Greg Abbott, announced Tuesday that he had signed a House Bill 1118 into law. This bill specifies the requirements for government entities to complete cybersecurity training.
The bill, which was introduced to the Texas House at the beginning of the year, it has gone through multiple amendments over the past few months, but was passed unanimously after the Colonial Pipeline fell victim to ransomware.
The bill states the importance of compliance with annual cybersecurity training by government employees, and mentions periodic audits will be used to verify security training has been completed.
Anyone who does not complete the cybersecurity training by deadlines, or refuses to comply, will be blocked from accessing the government's computer network or other computer systems.
A cyber attack shut down the Colonial Pipeline and caused havoc for people trying to get gasoline.— Greg Abbott (@GregAbbott_TX) May 17, 2021
States must safeguard against those attacks.
I’m signing a law that penalizes government entities in Texas that fail to comply with cyber security training requirements. pic.twitter.com/MeIw9k3lfY
Federal Response to Pipeline Hack
Five bills introduced to the House of Representatives:
H.R. 2980, The “Cybersecurity Vulnerability Remediation Act” With the critical vulnerabilities looming over society, it is imperative that we take a step back to assess and revisit our defenses. This vulnerability remediation act will help us do just that by granting CISA authority in assisting with strategies against these most pressing of cybersecurity threats.
H.R. 3138, The “State and Local Cybersecurity Improvement Act” The U.S. National Cybersecurity Center, established by President Obama in 2016 under the Department of Homeland Security (DHS), announces their intention to provide a new grant program that will fund State and local governments with up to $500 million annually for cybersecurity measures- such as securing digital devices on networks or educating citizens about cyber threats - so they can keep their systems safe from potential attacks
The US National Cybersecurity Center has announced its plans regarding funding network security across state lines through dedicated grants worth up to half a billion dollars per year! The idea is that this money would go towards paying states like Louisiana, which suffered significant damage following Hurricane Katrina back in 2005; Texas after Cyclone Harvey hit last August 2017; Puerto Rico since it was devastated
H.R. 3223, The “CISA Cyber Exercise Act” Establishes a National Cyber Exercise program within the CISA to promote more regular testing and systemic assessments of preparedness and resilience against cyber attacks on critical infrastructure.
H.R. 3243, The “Pipeline Security Act” -The Department of Homeland Security is working to make pipelines safer by enhancing security. This bill will allow the department, which has been designated as responsible for protecting these systems against cyberattacks and terrorist attacks since 2003, to continue doing its job effectively.
H.R. 3264, The “Domains Critical to Homeland Security Act” The "Domains Critical to Homeland Security Act" will authorize the Department of Homeland Security conduct research into supply chain risks for critical domains and transmit results to Congress.
Executive Order on May 12, 2021
These bills are in addition to the Executive Order from President Biden that addresses cybersecurity defenses. President Biden has signed an executive order to help prevent data breaches by requiring federal organizations and IT Service Providers to share event logs and information on cyber attacks that may impact or hinder the US Government. Information on known or discovered vulnerabilities is required to be shared as well, so everyone can work together for a safer future.
What to do if you become a victim of a cyber attack
- Immediately notify your supervisors and IT department.
- Notify your local authorities to file a complaint.
- Keep record of all evidence of the incident and the suspected source of the attack.