May 12, 2021

Colonial Pipeline and Infrastructure Hacks

Convenience is not a good reason to ignore security. Ransomware just got very real. And it's likely to get worse | ZDNet

We have had ransomware attacks that killed people - attacks that paralized hospitals - but apparently that was not enough to get people's attention.

But now an attack is costing real money and inconveniencing people. That seems to have gotten everyone's attention.

Late last week, Colonial Pipeline, which accounts for 45% of the US East Coast's fuel, was forced to shut down its operations due to a ransomware attack against its systems.

As there is no information about how this attack got started, it is hard to say if Colonial Pipeline was at fault. If they use Microsoft Exchange Server, they were exposed via zero-days, and there was not much they could do. Especially since the exploits were being used before MS said anything about them.

And while in 2007 people were sold on the idea of putting everything on the internet, or connecting everything, I think in 2021 we can see that was not a good idea.

Assume that you are going to get hit. Microsoft will have another zero-day. Someone will open a fishing email. Something will go wrong.

DarkSide is sorry? More like Sorry/Not Sorry. Hackers who shut down pipeline: We don’t want to cause “problems for society”. They're just in it for the money.

There is some good info at that link, but here is the part that caught my eye.

In response to the attacks on Colonial Pipeline, the Biden administration issued a Regional Emergency Declaration 2021-002 this Sunday. The declaration provides a temporary exemption to Parts 390 through 399 of the Federal Motor Carrier Safety Regulations, allowing alternate transportation of petroleum products via tanker truck to relieve shortages related to the attack.

There is only one problem with that plan. A shortage of truck drivers. Truck driver shortage could cause gas shortage. And that was before this mess.

The National Tank Truck Carriers, an industry trade group, says up to 25% of tank trucks are parked heading into this summer because of a lack of qualified drivers.

At this point in 2019, only 10% of trucks were sitting idle for that reason.

What with people not driving to work everyday, fuel consumption went down. The need for tank-truck drivers went down, and bunch of them got out of the business.

Now think what it would be like if (when?) someone hacks the electric grid. Actually you just have to ask the folks in California, since they lived through a couple of week-long outages.

No comments:

Post a Comment

Be Nice. Arguments are welcome. Personal Attacks will be deleted