Why the Colonial Pipeline Ransomware Attack and the SolarWinds Hack Were All but Inevitable

/in


780th Military Intelligence Brigade

Military units like the 780th Military Intelligence Brigade shown here are just one component of U.S. national cyber defense. Credit: Fort George G. Meade

Takeaways:

  • There are no easy solutions to shoring up U.S. national cyber defenses.
  • Software supply chains and private sector infrastructure companies are vulnerable to hackers.
  • Many U.S. companies outsource software development because of a talent shortage, and some of that outsourcing goes to companies in Eastern Europe that are vulnerable to Russian operatives.
  • U.S. national cyber defense is split between the Department of Defense and the Department of Homeland Security, which leaves gaps in authority.

The ransomware attack on Colonial Pipeline on May 7, 2021, exemplifies the huge challenges the U.S. faces in shoring up its cyber defenses. The private company, which controls a significant component of the U.S. energy infrastructure and supplies nearly half of the East Coast’s liquid fuels, was vulnerable to an all-too-common type of cyber attack. The FBI has attributed the attack to a Russian cybercrime gang. It would be difficult for the government to mandate better security at private companies, and the government is unable to provide that security for the private sector.

Similarly, the SolarWinds hack, one of the most devastating cyber attacks in history, which came to light in December 2020, exposed vulnerabilities in global software supply chains that affect government and private sector computer systems. It was a major breach of national security that revealed gaps in U.S. cyber defenses.

These gaps include inadequate security by a major software producer, fragmented authority for government support to the private sector, blurred lines between organized crime and international espionage, and a national shortfall in software and cybersecurity skills. None of these gaps is easily bridged, but the scope and impact of the SolarWinds attack show how critical controlling these gaps is to U.S. national security.

The SolarWinds breach, likely carried out by a group affiliated with Russia’s FSB security service, compromised the software development supply chain used by SolarWinds to update 18,000 users of its Orion network…

Source…