National Security Implications of the Colonial Pipeline Hack

Over the last several months, major cyberattacks have been all too common mercilessly sparing no one including hospitals and schools, and even more recently an attack on JBS, the world's largest beef supplier, who was forced to close its meat processing plants in the United States and Australia. Many organizations are also still reeling from the effects of the widespread Microsoft Exchange vulnerability exploit known as "Hafnium". Affecting an untold number of companies at the core of their communications, this exploit was designed to silently steal data and it has been traced back to Chinese hacking collectives. A little further back, we found out about the SolarWinds attack, which ultimately affected thousands of companies, blinding them from their environments, injecting code and leaking data, this time tracing back to Russian sources. (For more on the SolarWinds attack, see, "How Should Directors Respond to the SolarWinds Attack," in the May 2021 issue of Cybersecurity Law & Strategy.) There is also the continual feed of ransomware incidents and a few months ago, a cyber-attack attempted to poison a water-treatment plant in Florida.

The Unthinkable

Unfortunately, Colonial Pipeline reportedly did the one thing that most security advisors and the FBI say should never be done — they paid close to $5 million in ransom to "Eastern European" hackers. (This price was apparently described as a 'bargain' based on comparisons to other ransomware attacks). This choice is only made when an organization has no strong cybersecurity plans, and no choice in the first place. Statistics show that less than 10 percent of companies that pay the ransom get all the data back they lost, and once a company pays, they will be known as a company that pays; meaning, hackers will come back for more.