The Colonial Pipeline cyberattack, which ended with Colonial Pipeline paying a $5 million ransom, set off alarms around the state of cybersecurity in the United States.
The cyberattack has been resolved and the 5,500 mile pipeline is up and running, but the ramifications of the pipeline shutdown serve as a reminder of the severity of cyberattacks.
'The risk of a cyberattack has been going steady for quite a while, this is just another manifestation of the risk that's out there,' said Spencer DeGraw, program chair of information technology at Ensign College.
DarkSide, a Russian-based ransomware company, is being credited with the cyberattack. DarkSide utilized a ransomware to encrypt Colonial Pipeline's business network, which it uses for payroll and reporting data.
Although DarkSide did not directly shut down the pipeline, Colonial Pipeline did as a precautionary measure.
'Clearly these are not inexperienced hackers. These guys are very good, very experienced, they know what they're doing,' DeGraw said.
An adequate back up of Colonial Pipeline's data could have prevented the shutdown of the pipeline, which has created gas shortages and increased gas prices, DeGraw said.
The ransomware hacks target a company's data to encrypt and lock it until the company pays the hackers. By having a back up of data, the company could bypass the hackers, since it has another copy of the data that is not encrypted.
'If you built in a good security strategy, a business continuity strategy, you should have all your data backed up, so basically you can tell them 'To go pound sand, I'm not going to pay you what you want, I've got a good copy of my data over here,'' DeGraw said.
Unfortunately for Colonial Pipeline a good security strategy was not in place and it had to shell out the $5 million ransom. In exchange DarkSide handed over a decrypting tool for the data, which didn't even work according to reports.
Ransomware companies are stepping up their game by using a 'double extortion,' which includes the encryption of the company's data and threatens to release the data publicly.
This recent cyber attack of Colonial Pipeline came off the heels of cyberattacks against other large companies such as SolarWinds and Microsoft.
'To a certain degree, businesses just kind of have to accept that this is the risk of doing business,' DeGraw said.
The threat of a cyberattack against companies is becoming more relevant, he said. Companies need to be aware of the dangers of cyberattacks and prepare security measures against them.
'Businesses, today, if they want to be successful, have got to acknowledge that this risk is real, that this threat is real and they've got to put in the time and effort to build up a security posture that will keep them safe,' DeGraw said.
Even with the risks of cyberattacks, companies can minimize the harm by having an adequate cybersecurity system, according to DeGraw.
'No one would ever say you can guarantee 100% that you can't get breached, but you can guarantee, pretty well, that if you've done everything you can you will be pretty safe,' DeGraw said.
Even smaller infrastructure companies are being targeted as seen in the case of the Oldsmar water-treatment facility in Florida.
A hacker breached into the facility's system in an attempted poisoning. Fortunately for the facility a worker noticed the attempted poisoning and shut the water off.
With the Oldsmar water-treatment facility being small compared to larger companies, its funds lack in the IT department. Smaller companies can prevent disasters from happening by hiring a monthly security operation center, DeGraw said.
'(Small companies) probably do have enough of a budget to hire a SOC as a service solution, which is just a monthly payment; it's not a multi-million dollar contract,' DeGraw said.
The Colonial Pipeline cyberattack is the biggest domino to fall in a string of cyberattacks and the aftermath is leading to government involvement to prevent another major cyberattack.
Cybersecurity guidelines for businesses already exist, such as the National Institute of Standards and Technology, to protect companies from cyberattacks like Colonial Pipeline experienced.
'There are already very substantial regulatory standards that have been defined,' DeGraw said.
U.S. representative Ted Lieu is proposing a bill to incentivize people to join the cyber career field in an effort to prevent hacks.
While there is a demand for cybersecurity professionals, DeGraw said he feels that the market is creating enough incentive for people to join. 'There is no doubt about it, we need more cyber professionals. I think the market is doing a good job of fixing that,'
No need for an overreaction
While the federal government is trying to enact laws to prevent another major cyberattack, people took matters into their own hands by filling up on gas in a variety of methods.
From car tanks, gas cans, storage bins and even grocery bags, people used anything to ensure they had gas, but DeGraw said it is important to not overreact.
'These risks are real, but I also think that we don't have to overreact. We know enough about cybersecurity now, we can get in, we can clean up the mess, we can run cyber forensics and figure out what happened,' DeGraw said.