Effectively addressing national emergencies and times of crisis has always required private and public sector collaboration. The most recent and obvious example is the development and delivery of COVID-19 vaccines. And like COVID-19, ransomware attacks cross borders, necessitating a coordinated national and international response by government agencies and technology leaders.
Never has this been more apparent than in the days immediately following the Colonial Pipeline ransomware attack, the details of which we are still unpacking, including its scope – i.e. whether the compromise of the IT environment has moved laterally to infect the OT environment. While incident responders work to contain and remediate this attack and get more of Colonial’s fuel distribution pipelines back online, we are reminded of undeniable truths that should serve as a sobering call to action.
- Multiple supply chains are vulnerable. The SolarWinds hack, the details of which we, as an industry, are still working to understand, was another form of supply chain attack, one that exploited our reliance on software. And to great effect, with private and public sector organizations infiltrated, albeit with seemingly different adversarial motivations than the extortion tactics of ransomware attacks.
- By extension, our critical infrastructure is vulnerable. The Biden administration’s $2 trillion infrastructure bill, The American Jobs Plan, has led to a debate on what, exactly, constitutes infrastructure, especially in the digital age. Clearly, the infrastructure relied upon to distribute different types of fuel to commercial and retail consumers in the mid-Atlantic region of the US is critical infrastructure. The recent ransomware attack against a water treatment plant in Florida is further evidence of this point.
- Cybercrime can look like espionage. The purported perpetrator of the Colonial Pipeline attack, DarkSide, is a relative newcomer, but one with a formidable pedigree and a modern as-a-service business model. While the group has denied that this attack was motivated by anything other than money, it carries ramifications and implications usually associated with cyber espionage. Why? Beyond the impact on the supply chain, the increase in gas prices and more, such hacker groups are too often tolerated in the nation states in which their members reside.
Brazen ransomware attacks on healthcare providers, which have continued, maddeningly, during the pandemic, led my colleague, Jon Oltsik, some time ago, to call for ransomware to be declared a national emergency. Jon was prescient: the Ransomware Task Force (RTF), a 60-member organization with participation from the public and private sectors, including Amazon Web Services, BlueVoyant, CrowdStrike, FireEye, McAfee, Microsoft, and others, submitted a comprehensive report on combating ransomware to the Biden administration days before the Colonial Pipeline attack. In addition to making the case that ransomware poses a national security risk, it offers a compelling set of actionable recommendations. The framework for action starts with a focus on deterrence based on a nationally and internationally coordinated effort, and explores ways in which the extortion- and shaming-based business model of cyber criminals can be disrupted, in large part by not paying ransoms. Recognizing the need to ready organizations for ransomware attacks, the report also offers steps to prepare for and respond to them.
It is an ambitious plan, with recommendations that, as some note, have been made before only to fall on deaf ears. Perhaps the Colonial Pipeline attack is the tipping point at which we stop marginalizing ransomware as a non-violent crime and start treating it as the national emergency that it is.