On a topic dear to my heart, American Conservative takes executives to task for being idiots: "Why is a Billion Dollar Pipeline Incapable of Defending Itself Against Ransomware?"
In the aftermath of the pipeline shutdown, the whole emphasis has been on obfuscation.
When reading a story like this a telltale sign of spy handiwork is the noticeable use of the word “sophisticated.” That is, the victims were on the receiving end of “the most sophisticated cyber weapon ever deployed.” Gasp!
The unspoken benefit of this hyperbole is that it offers a degree of cover for decision makers. They can sanctimoniously hold their heads up high and claim “What could we possibly have done? The attackers were nation-state actors who were so skillful and crafty that no one could possibly expect to defend against them.” Pointing at themselves: “Especially me.”
In other words: not my fault.
Ransomware is not a new threat. It has become so commonplace that, in the absence of large-scale fallout, as happened in this case, Steve Gibson of Security Now has stopped covering it. It is a common background element of the world we live in. Or as American Conservative points out...
Ransomware is a pervasive threat. Any chief information officer worth his salt will have the foresight to deploy the controls necessary to sufficiently raise the cost of attacks as well as limit the damage that they incur—particularly when it comes to protecting the American infrastructure.
But there are 2 problems.
- Executives don't understand Information Technology, Cryptography, Hacking, Ransomware, etc.
- Executives don't like to spend money on stuff they don't understand.
And so they don't spend money to make sure that networks are protected, to update software in a timely fashion, whatever. And so we get Colonial Pipeline and a bunch of spin-doctoring. Anyway, click thru and read the whole thing.