Pipeline attack highlights ransomware threats to infrastructure
- By Justin Katz
- May 11, 2021
The cyberattack against Colonial Pipeline, which led to the precautionary shutdown of fuel pipelines serving the East Coast, has been attributed to ransomware group Darkside.
In response, the FBI released a flash alert to industry with indicators of compromise and mitigation measures, according to Deputy National Security Advisor Anne Neuberger. Additionally, the Cybersecurity and Infrastructure Security Agency is preparing its own release of information to critical infrastructure providers about the ransomware attack, she said in a May 10 White House briefing.
The attack "underscores the threat that ransomware poses to organizations regardless of size or sector," said Eric Goldstein, executive assistant director of CISA’s cybersecurity division.
As the administration confronts a rise in ransomware activities, cybersecurity experts and lawmakers continue to debate the pros and cons of paying ransoms. In general, the FBI has long discouraged payments out of fear they will encourage future attacks.
Neuberger said companies are often left in a "difficult position" if they have no other method of recovering stolen data.
"That is why given the rise in ransomware and given frankly the troubling trend we see of often targeting companies who have insurance and may be richer targets, that we need to look thoughtfully at this area … to determine what we do in addition to actively disrupting infrastructure and holding perpetrators accountable, to ensure that we're not encouraging the rise of ransomware," she said.
Rep. John Katko (R-N.Y.), who has previously introduced legislation to expand CISA's role in responding to cybersecurity breaches into industrial control systems, said that "You can expect substantial congressional oversight on this incident in the near future."
Speaking at the White House shortly after the press briefing, President Joe Biden said the intelligence community does not have evidence that "Russia is involved, although there is evidence that the actor's ransomware is in Russia. They have some responsibility to deal with this."
A longer version of this article was first posted to FCW, a sibling site to GCN.
Justin Katz covers cybersecurity for FCW. Previously he covered the Navy and Marine Corps for Inside Defense, focusing on weapons, vehicle acquisition and congressional oversight of the Pentagon. Prior to reporting for Inside Defense, Katz covered community news in the Baltimore and Washington D.C. areas. Connect with him on Twitter at @JustinSKatz.