On a fateful Friday morning, May 7, 2021, Colonial Pipeline, which operates a critical fuel supply conduit in the eastern United States, was hit by a ransomware attack. Unbeknownst to the government, the company decided to suspend operations at the pipeline while it investigated what had happened and how serious the damage was. This move had serious consequences, turning the cyber incident into a broader crisis within days. Thousands of gas stations lost fuel, and gas prices rose to their highest level in about 10 years.
The shutdown disrupted the fuel supply chain, causing panic buying and subsequent shortages at gas stations in multiple states. Reports of long lines at gas stations and soaring prices revealed the real-world impact of cyber threats and highlighted the interdependence of physical and digital infrastructure. In addition, the number of people rushing to gas stations increased.
As the situation worsened, the US government took a series of decisive actions.
To calm public reaction, Homeland Security Secretary Alejandro N. Mayorkas and Energy Secretary Jennifer Granholm addressed the American people from the White House podium on May 11, 2021. The press conference room is a small room in the West Wing. About 50 reporters were packed into it, with television cameras rolling in the back. It makes for a terrifying stage, with virtually the entire world watching as media outlets gather to hold the US government accountable to the American people by asking pointed questions about the most important issues of the day. The two secretaries outlined what the government was doing to reduce the impact of the ransomware attack. They also appealed to Americans: “There should be no reason to stock up on gasoline, especially given the fact that the pipeline should be substantially operational by the end of this week or the end of the week.”
Lasting impact
The geopolitical implications of the Colonial Pipeline ransomware attack were profound. In the aftermath, President Biden engaged directly with Russian President Vladimir Putin and emphasized the seriousness of the incident. The crisis also highlighted the urgent need for more robust cybersecurity measures, especially for critical infrastructure like the Colonial Pipeline. It served as a stark reminder that cyber threats are not limited to the digital world. They can spread quickly and cause widespread disruption and social impact. Ultimately, the Colonial Pipeline scandal was a turning point.
This single incident continues to have ripple effects today, redefining the role played by CEOs and industry leaders and shaping how we think about cybersecurity for years to come. It also raises some important questions business leaders should ask themselves, and it underscores how a cyber incident can quickly escalate into a national security crisis that requires the attention of the U.S. president. Imagine what would have happened if another ransomware attack with a similar impact had occurred in the United States in late February or early March 2022, just days after Russian forces further invaded Ukraine.
One ripple effect is how CEOs think about their roles and responsibilities. Joseph Blount, CEO of Colonial Pipeline, told lawmakers that paying the roughly $4.3 million Bitcoin ransom was “the most difficult decision I have made in my 39 years in the energy industry.” Paying hackers and further accelerating the ransom cycle, or risking significant disruption or even bankruptcy, is an impossible choice.
CEOs are clearly paying attention. Few would be happy about making a walk to Canossa in Washington and attracting attention from Congress and the media. What have we learned from this and other important incidents over the past two years? Here are six recommendations for CEOs.
1. Be careful how you communicate with the public.
Bank runs are a classic example of how public reaction and collective psychology can make a crisis worse. The hoarding of toilet paper during the coronavirus pandemic and hoarding at gas stations after ransomware attacks highlight that this problem is not limited to financial institutions.
Being careful about how and what you communicate to the public does not mean avoiding communication with the public. On the contrary, it is a necessity. However, companies need to take a thoughtful approach. As the Colonial Pipeline incident shows, this includes companies that rarely need to interact with the public as part of their daily operations, but may unexpectedly need to do so on some days.
2. Coordinate with government.
The decision to shut down Colonial Pipeline’s pipeline system had to be made quickly, but there was probably enough time to consult with U.S. government experts. Shutting down a pipeline system, infected or not, meant that it would take several days to restart, and the actual fuel supply would be interrupted, all of which would require government action. Cooperation with governments is key to avoid unintentionally exacerbating the crisis.
3. Know who to contact.
To make informed decisions quickly and align with the right people, CEOs need to know who the right contacts are in government. As some anecdotes over the years have suggested, contacting NATO or the military is not the right answer.
That said, governments have a responsibility to provide clarity, as external parties may not be able to easily identify the appropriate people or institutions.
4. Plan and execute.
This is probably the most important point, as it is the means to achieve the other points. In addition to developing and formulating a plan, the plan should be put into practice at least once a year, ideally under the supervision of the CEO. Regular tabletop exercises help company leaders and staff build the “muscle memory” necessary to respond effectively to real-life crises.
5. Know your network.
Ideally, the CEO should have a sophisticated understanding of how the company’s business IT and operational technology (OT) networks interact. If the system is air-gapped, there is no need to shut down the OT network if the breach is limited to the IT network.
That said, the ransomware attack on Colonial Pipeline demonstrated that even paralyzing a business IT network can have a significant impact. If a company can’t issue invoices and doesn’t know who its customers are or how to contact them, the real impact can be as devastating as actually stopping production. Readers who have been stranded at an airport after an airline’s IT system failure or power outage have experienced the devastating effects firsthand.
6. Be humble and seek professional help.
Cybersecurity is a broad term that covers a very complex problem set. Although there are commonalities and some software is used across sectors, pipeline cybersecurity is very different from cybersecurity in the context of the financial sector, hospitals, schools, and railways. One of the key insights gained from years of experience with multidisciplinary cyber incidents is to recognize the limits of everyone’s knowledge, including that of cybersecurity professionals. Therefore, CEOs should not hesitate to seek outside help to help develop, test, and refine plans or review existing processes and policies.
Beyond these high-level recommendations, there are many other resources, including guides and checklists with detailed information for CEOs, board members, and CISOs. The US government, namely the Cybersecurity and Infrastructure Security Agency (CISA), also offers StopRansomware.gov and Shields Up as resources designed for companies to use depending on their cybersecurity maturity.
Business leaders as guardians of trust
Business leaders have a bigger role to play than just strengthening corporate cybersecurity out of self-interest or to avoid national security crises; they can be considered guardians of trust in technology as a whole. Fundamentally, cybersecurity revolves around trust. Ransomware and numerous other cyberattacks exploit this trust. They take advantage of instances where someone clicks on an untrusted link, downloads an attachment from an unknown email address, or receives a malicious software update.
This principle extends to businesses’ trust in the technology underlying their systems and brings geopolitics back into the discussion. The role of Chinese companies in 5G networks has been a central theme in recent years. This started a broader discussion about how to consider risk when investing in, purchasing and using technology. The U.S. government’s concerns about some technologies originating from the People’s Republic of China are well known. At the same time, in Brussels and other European capitals, the discussion on “risk aversion” is advancing, influenced by the lessons learned from Russia’s invasion of Ukraine and Europe’s dependence.
Business leaders are at the center of this discussion because they are the most important guardians of technology trust. Which technologies companies decide to invest in, and how they weigh costs against other benefits such as increased security and trust, will determine the resilience of society as a whole.
Self-check for CEOs
Over the years, many have warned about the rise in cyber threats, and some have offered thoughtful advice on how to strengthen your organization’s protection and resilience. The following three questions complement the recommendations above and will help you determine whether enough is being done.
- Have you participated in a cyber tabletop exercise recently?
- Do you store your chief information security officer’s contact information somewhere other than your work phone or computer? (Note that if your company’s network suffers a ransomware attack, you may lose access to your work devices.)
- Do you know who to contact in government in case of a cybersecurity incident?
If the answer to any of these is “no,” we hope that reading this article will generate some follow-up action. This could help better protect your organization and prevent future national security crises.