spread of ransomware

Pipeline attack highlights ransomware threats to infrastructure

The cyberattack against Colonial Pipeline, which led to the precautionary shutdown of fuel pipelines serving the East Coast, has been attributed to ransomware group Darkside.

In response, the FBI released a flash alert to industry with indicators of compromise and mitigation measures, according to Deputy National Security Advisor Anne Neuberger Additionally, the Cybersecurity and Infrastructure Security Agency is preparing its own release of information to critical infrastructure providers about the ransomware attack, she said in a May 10 White House briefing.

The attack "underscores the threat that ransomware poses to organizations regardless of size or sector," said Eric Goldstein, executive assistant director of CISA’s cybersecurity division.

As the administration confronts a rise in ransomware activities, cybersecurity experts and lawmakers continue to debate the pros and cons to paying ransoms. In general, the FBI has long discouraged payments out of fear it will encourage future attacks.

Neuberger said companies are often left in a "difficult position" if they have no other method of recovering stolen data.

"That is why given the rise in ransomware and given frankly the troubling trend we see of often targeting companies who have insurance and may be richer targets, that we need to look thoughtfully at this area … to determine what we do in addition to actively disrupting infrastructure and holding perpetrators accountable, to ensure that we're not encouraging the rise of ransomware," she said.

Rep. John Katko (R-N.Y.), who has previously introduced legislation to expand CISA's role in responding to cybersecurity breaches into industrial control systems, said that "You can expect substantial congressional oversight on this incident in the near future."

Speaking at the White House shortly after the press briefing, President Joe Biden said the intelligence community does not have evidence that "Russia is involved, although there is evidence that the actor's ransomware is in Russia. They have some responsibility to deal with this."

A longer version of this article was first posted to FCW, a sibling site to GCN.

About the Author

Justin Katz covers cybersecurity for FCW. Previously he covered the Navy and Marine Corps for Inside Defense, focusing on weapons, vehicle acquisition and congressional oversight of the Pentagon. Prior to reporting for Inside Defense, Katz covered community news in the Baltimore and Washington D.C. areas. Connect with him on Twitter at @JustinSKatz.


Featured

  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected