U.S. Cybersecurity Policy Has Changed Since the Colonial Pipeline Attack


More than a year ago, a ransomware attack made the news across the nation. The Colonial Pipeline Company announced on May 7, 2021, that it had been hit by the DarkSide Ransomware-as-a-Service group, based in eastern Europe. The FBI later confirmed DarkSide, which has since shut down, as the threat actor. What’s changed about U.S. cyber policy since then, including in the wake of the Russian attack on Ukraine?


An important note: the attack impacted the IT side of the business. As a precaution, the company shut down the operational technology (OT) side, meaning the pipeline itself. The Colonial Pipeline stretches 5,500 miles from Texas to New York, carrying up to 3 million barrels of fuel per day. The five-day shutdown cut off the East Coast from roughly half the normal supply of gasoline and jet fuel. That led to a sharp rise in gas prices, as well as gas shortages, panic buying and long lines at gas stations. 


More than that, it shocked the national security and law enforcement worlds. Both learned anew that the nation’s critical infrastructure was open to attack. 


Colonial Pipeline paid $4.5 million in ransom to restore its compromised systems. The DarkSide recovery tools were so slow that the company ended up mostly using its business continuity tools instead. 


In the Wake of the Attack


In the wake of the attack, negotiations between the United States and Russia began. The Russian Federal Security Service arrested a person alleged to be behind the attack. (Any cooperation here ended after the Russian invasion of Ukraine in February.) Meanwhile, the U.S. State Department is still ..
