The ransomware crisis continues, this time with an attack not on a local hospital or police department but on a pipeline that carries almost half of the East Coast’s gasoline, diesel and other fuels. The incursion is only the most dramatic of many recent reminders that the whole of the U.S. government must act to quell the threat — now.
Colonial Pipeline’s information technology services were reportedly breached last week by an Eastern Europe-based criminal collective called DarkSide. The company responded by shutting the pipeline itself, partly out of caution that the attackers could have gained access and partly out of necessity: It is impossible to invoice customers when your business network is locked down pending payment to a gang of hackers. The Transportation Department has temporarily relaxed regulations to prevent a supply shortage, and Colonial says it hopes to be “substantially” back online by the end of the week. This may, in other words, end up far from a catastrophe. Yet that says nothing about the damage the next incursion could do. And incursions will continue until Congress and the White House do something to stop them.
Ransomware response remains paramount, whether that has to do with helping victims restore access and weather the cost of the downtime, or discouraging payments to perpetrators who will keep striking as long as it’s profitable. There’s also a need for regulations that keep critical infrastructure safer from the start. President Biden is expected to issue an executive order mandating minimum cybersecurity requirements for federal contractors. But it’s up to Congress to impose similar requirements on those outside the chain of procurement who operate critical infrastructure. In the modern economy, it can prove impossible to isolate that infrastructure from the Internet entirely, so potential targets must protect themselves as best they can, even as they assume that protection will never be total. They must actively hunt for breaches and boot the breachers out.