GET UP TO SPEED
Ransomware is rampant. The biggest fuel pipeline in the United States was shut down in recent days after hackers stole some one hundred gigabytes of data from Colonial Pipeline and threatened to release it unless the company paid up. The hack has been tied to an Eastern European (and possibly Russia-based) collective known as DarkSide, and US President Joe Biden has said that Russia bears some responsibility for the hack, even though the attack does not appear to have been state-sponsored. How can companies fight back against this rising trend of ransomware attacks? What can the Biden administration do? And what will this mean for the prices you pay at the pump? Our experts are here to fill you in, free of charge.
Today’s expert reaction courtesy of
- Cynthia Quarterman: Distinguished fellow at the Global Energy Center and former administrator of the US Department of Transportation’s Pipeline and Hazardous Materials Safety Administration
- David Bray: Director of the GeoTech Center
- Andy Bochman: Nonresident senior fellow at the Global Energy Center and the senior grid strategist for Idaho National Laboratory’s National and Homeland Security directorate
A RISING THREAT
- Colonial Pipeline is aiming to restore most of its operations by the end of this week, as lines of panic buyers form at gas stations across the Southeastern United States. Cynthia says any increase in gas prices “is likely to be mildly escalatory and short-lived.” But she adds that the hack “exposes the soft underbelly of the nation’s critical energy infrastructure.”
- If a company like Colonial, which should have the resources for robust cyber defenses, could be “paralyzed,” Cynthia adds, that means smaller companies are even more vulnerable to attack. “In that circumstance, an environmental, explosive, or economic catastrophe might not be averted.”
- The threat goes well beyond energy. The Colonial Pipeline hack is one of the most high-profile ransomware incidents in recent years, but it’s part of a surging trend, David points out. According to data compiled by the GeoTech Center, the global cost of ransomware attacks soared from $11.5 billion in 2019 to $20 billion in 2020, with the average downtime for an organization rising from 6.2 days to 16.2 days.
- “The good news is technology is getting democratized, and the bad news is technology is getting democratized,” David says. Ordinary “people can do things that only sophisticated nation-states could do 40 years ago.”
Subscribe to Fast Thinking email alerts
Sign up to receive rapid insight in your inbox from Atlantic Council experts on global events as they unfold.
HOW TO FIGHT BACK
- If everyone is at risk, how can companies prepare? Andy suggests developing a “Plan B” in case your operations are shut down and making sure all your IT “crown jewels” are “fully backed up off-line and restorable.” He adds that “conducting recurring and very realistic exercises will let you know whether your plans work or need revision. Do all of that, then rinse and repeat, and don't stop.”
- David floats another idea: space. Commercial satellites can be used to store company data as a backup. “If you have something that compromises ground-based assets, then you move to the space cloud,” he says.
- But couldn’t someone just hack your satellite? David says communication to space assets would be limited, via only laser modems that would catch the satellite as it passes overhead. “You have a little more control than over the regular internet,” he says.
THE ROLE OF GOVERNMENT
- Biden on Monday promised a “global effort” led by the US Department of Justice against “transnational criminals,” along with new public-private collaboration to improve cybersecurity. But Cynthia notes that the government’s role of coordinating cybersecurity and advising private companies “is daunting and grossly underfunded.” When there’s a massive breach, the typical solution would be for the government to take over, but “there is no clear solution, no clearly articulated vision of what the government would do if it took over.”
- David urges more transparency from governments and particularly private companies when they do get hacked. Right now, many of them withhold information because they fear reactions from customers or shareholders. But if we could map ransomware attacks with the same precision that we have for COVID-19 cases, for instance, it could be a real wake-up call.
- “We’ve got cyber fatigue,” David says. “No one event is going to motivate people to do anything. It’s when you quantify" security breaches that more people will get involved in fixing it. “The solutions will come not from policymakers, but from entrepreneurs.”
New Atlanticist Mar 24, 2021
How to reverse three decades of escalating cyber conflict
By Jason Healey and Robert Jervis
Cyber conflict has not yet escalated from a fight inside cyberspace to a more traditional armed attack because of cyberspace. In part, this is because countries understand there are some tacit upper limits to escalation above which the response from the offended country will be war. Unfortunately, this happy state may not last.
New Atlanticist Feb 11, 2021
The 5×5—Looking ahead for the Biden administration after a busy year in cybersecurity
By Simon Handler
It’s been a wild twelve months in the world of cybersecurity since the Atlantic Council’s Cyber Statecraft Initiative launched the 5×5 series. In celebration of the series' one-year anniversary, experts plotted the year ahead.
Fast Thinking Dec 15, 2020
FAST THINKING: Why the new Russian hacks are a game-changer
By Atlantic Council
The bad news keeps coming about the scope of a suspected Russian hack: The US Department of Homeland Security was compromised, in addition to the State, Treasury, and Commerce Departments and parts of the Pentagon. What's going on?