The Colonial Pipeline Attack — One Year Ago: Was It America’s Sputnik Moment?

CYRIN Newsletter

It seems that May is the month of anniversaries for cybersecurity. Last year it was Colonial Pipeline. Five years ago, it was the North Korea-backed WannaCry cyberattack. Many have speculated that recent events have created a “tipping point.” Some, including the May 2021 CYRIN newsletter, called the Colonial Pipeline attack America’s “Sputnik” moment. Are the war in Ukraine and the SolarWinds attack from two years ago the final pieces in a long string of events that will change how we think about cybersecurity?

Now, perhaps the third rail for cybersecurity has occurred – the war in Ukraine. Although, from a cyber perspective, it has not directly affected the US or much of the rest of the world, just the potential impact of the threat has galvanized efforts to increase security at home and abroad. When cyber-attacks garner mainstream media attention, they do begin to rise to the Sputnik level.

SolarWinds (first reported in December 2020), Colonial Pipeline (May 2021), and now Ukraine. It’s said that bad things happen in threes; if so, these last three may have been enough to push everyone to the edge, provided we are smart enough to take the hints.

The ransomware attack on the Colonial Pipeline – which left more than a thousand stations along the east coast without gas – brought back images we thought were left in the 1970s: oil embargos, rationing, and long lines at the pumps. What it clarified was the need to modernize infrastructure, to ensure our systems are not static targets, and to make our responses more agile. What’s next? What have we learned? What can we do to avoid another cyberattack on our infrastructure?

This is Not New

This is not new. The warnings have been coming for decades. An issue of Slate noted that in 1984 a national-security directive, signed by President Ronald Reagan, warned that computer networks, which were just then emerging, were “highly susceptible to interception, unauthorized electronic access, and related forms of technical exploitation” by “terrorist groups and criminal elements.”

Cyber-attacks have become a multi-trillion-dollar threat. To adapt, companies, educators, and trainees will need flexibility. Also, these rising trends in cyber-attacks happened during a pandemic which has changed how and where we work. Companies are rethinking workplaces, trying to design in-person work environments that people might want to return to. The future of work will most likely be a combination of in-office, virtual, and work from home – which will pose cybersecurity challenges. According to Fortune, this hybrid model comes with built-in dangers. Hybrid workplaces will allow us to create organizations that are more flexible, productive, and accessible than ever before. However, cybercriminals know this and are finding ways to take advantage of these vulnerabilities.

With more people continuing to work off-site or in hybrid ways, cybersecurity experts will have to do more to support the workforce and protect companies and infrastructure. Employers will need to step up their cybersecurity training, including looking for outside support. What’s more, employers will need new methods and avenues to attract workers due to a shortage of both people with degrees and people with effective knowledge and training for what to do in a cyber environment.

Private and Government Responses

That means the future will include some exciting developments. There will likely be more consortiums like the recent cloud initiative, Cloud Security Notification Framework Detector, which is seeing companies like Microsoft, Google, and IBM teaming up. Fortune reports that these cloud rivals are working together on a project that will help companies better defend against hackers and additional cybersecurity threats. According to this same article, the initiative “involves tracking and recording attempts by hackers to infiltrate corporate systems.”

As Daniel Conroy from Raytheon (which is also part of the project) explained, each cloud-computing vendor records security incidents differently. As a result, “companies can have a hard time getting the full picture about the latest cybersecurity attacks.” Many companies use several cloud services for multiple IT projects – and these can include operating both internal and external apps. These businesses have had to create their own software to interpret alerts sent to them by their cloud providers, Conroy said. But the new collaborative initiative would change this. And the fact that so many companies, many of them competitors, have teamed up for this project – Microsoft, Google, IBM, Raytheon, Goldman Sachs, Pfizer, Cisco, FedEx – should reveal how urgently they see the need for cybersecurity, particularly in the cloud. Of course, as one of the participants said, they all have a vested interest in more businesses feeling safer about adopting cloud-computing services.

Washington is Finally Paying Attention

There is also a need for more federal support for cybersecurity, especially given the recent attacks on infrastructure. This month, lawmakers told the House Appropriations Committee that the Cybersecurity and Infrastructure Security Agency (CISA) needs at least 400 million dollars more in funding for the 2022 budget. MSSP reported that “the Congressional members said that the nation-state cyber conflagration moves CISA from the wings to center stage to ‘build meaningful security in federal networks and national resilience to significant cyber incidents.’”

The request for more funding was bipartisan. Reps. Jim Langevin (D-RI) and Mike Gallagher (R-WI) wrote a letter to the Committee that “praised CISA’s response to the massive SolarWinds Orion attack tied to Russian-backed cyber operatives and the vast Microsoft Exchange Server infiltration carried out by the China-sponsored Hafnium hacking crew, as the lawmakers lobbied for a fatter funding package for the agency.” They noted that CISA played a central role in the US government’s response, “providing cyber defenders in its sister agencies and critical infrastructure providers across the country with timely and reliable information on the threat and indicators of compromise.” CISA needs additional funding so it can continue “to provide services to the rest of the U.S. government to identify threats and harden federal networks against future attacks, to the extent that their resources allow.”

In fact, CISA has taken actual steps and during the past year has deployed or updated a suite of monitoring tools that — essentially for the first time ever — give the agency broad visibility into hacking threats across most of the civilian government. The developments have been in the works — in some form or other — for years. But, according to reports, they got a major kick in the pants about 18 months ago when the government was caught flat-footed by the massive SolarWinds espionage hack, which compromised reams of data from numerous federal agencies. CISA is in the process of installing these endpoint detection tools at 11 other agencies. It expects to have them installed or in the process of being installed at 53 total agencies by the end of September. That’s slightly over one-half of all federal government agencies.

The workforce environment is changing; there are more attacks on critical industries; and there is a growing response from and collaboration by both industry and government to address these attacks. Obviously, cybersecurity training must continue to adapt going forward too – moving to hybrid models that meet workers where they are, including both in person and virtual training, and improving the real-world scenarios to match the challenges we face. The recent critical infrastructure attacks mean our industry is under attack – and education and training must meet the challenge.

Can CYRIN Training help?

CYRIN can help. CYRIN’s online interactive virtual training platform is designed to improve the skills of IT, engineering and cybersecurity professionals and students. CYRIN contains more than 50 interactive labs where you can train on commonly used tools in network administration and defense, individual and red team/blue team exercises, and numerous attack scenarios where students and trainees must mitigate random attacks on industrial and enterprise networks. Each student or trainee receives his/her own virtual instance of the CYRIN cyber range and completes “learn by doing” courses.

Please take a look at our entire course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!
