What We've Learned in the 12 Months Since the Colonial Pipeline Attack

The attack may have been "a major wake-up call" about the need for greater resilience in IT environments, but have security teams hit the snooze bar one too many times?

2 Min Read
What We've Learned in the 12 Months Since the Colonial Pipeline Attack
Alamy

Cybersecurity experts have warned about vulnerabilities within the critical infrastructure for years. It came to fruition in May 2021, when Colonial Pipeline was hit with a ransomware attack. The response, of course, was the company temporarily shut down oil and gasoline delivery, which resulted in major panic and shortages all over the East Coast.

"The Colonial Pipeline attack was a major wake-up call to improve cyber defenses for critical infrastructure," says Tom Badders, senior product manager at Telos. "The attack vector for ransomware has typically been targeted to information technology networks. This was the first major attack on an operational technology network."

The attack brought much-needed attention to risks to the critical infrastructure and how something as simple as a stolen password can create a national nightmare. The immediate response was to come up with ways to prevent a similar attack (and there has not been one as of yet), but over the past year, have we really learned any lessons from Colonial Pipeline? Has anything changed in the way we think about protecting our systems, particularly critical infrastructure?

Wake-Up Call

The Colonial Pipeline attack offered everyone, from government officials to ordinary citizens, a glimpse into what could happen and why it is vital to have a good security team with a solid mitigation plan in place, says Willy Leichter, CMO at LogicHub.

Related:8 Tips for Creating a Ransomware Response Plan

"In terms of wake-up calls, the Colonial Pipeline cyberattack was a good jolt of caffeine to the country," he says. "The Colonial security teams acted quickly, cautiously, and probably correctly to shut down the pipeline, although it took six days to get it back online."

But then the country hit the snooze button.

"Unfortunately, I think very little has changed," says Den Jones, CSO at Banyan Security.

Many companies still operate under the "it won't happen to me" assumption, Jones points out, and smaller organizations don't have the resources in place — or don't think they need them — to address a major cyber incident. When organizations do have security teams in place, they are spread thin.

Continue Reading on Dark Reading

Read more about:

Dark Reading

About the Authors

Sue Poremba

Contributing Writer, Dark Reading

Sue Poremba is freelance writer based in central Pennsylvania. She's been writing about cybersecurity and technology trends since 2008.

Dark Reading

Long one of the most widely read cyber security news sites on the Web, Dark Reading, a sister site to ITPro Today, is now the most trusted online community for security professionals like you. Dark Reading's community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like