Federal Agencies React To Colonial Pipeline …
Restoring the operations of the Colonial Pipeline is now an all-hands-on-deck challenge, involving state and federal governments to jump in and find ways to manage the shortage, according to ongoing statements from the company’s website.
Deputy Secretary of the Department of Energy David Turk issued a video update on the actions the government is taking to handle the crisis, and encouraged citizens to refrain from panic-buying and flocking to the pumps. Instead, he highlighted three actions his department was taking to handle the matter:
- Constant and continuing contact with Colonial Pipeline to help them get up and running to full restoration
- Working with all U.S government agencies, such as the Department of Transportation, Environmental Protection Agency and the Department of Homeland Security and the FBI.
- All decision-makers are updated with the latest information to mitigate supply challenges.
Turk ensured that the pipeline would be back in service soon, but in his message, he did not mention the ransomware attack on Colonial. He did, however, encourage citizens to report incidents of price-gouging to their state attorney general.
Government agencies like the Cybersecurity & Infrastructure Security Agency (CISA) have also been responding to this attack. In a statement to the press, Executive Assistant Director For Cybersecurity Eric Goldstein said:
“We are engaged with the company and our interagency partners regarding the situation. This underscores the threat that ransomware poses to organizations regardless of size or sector. We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”
The Federal Bureau of Investigation has also issued brief statements on the Colonial Pipeline ransomware attack, stating that on May 10, they found that the DarkSide ransomware group is responsible for the compromise of the pipeline’s networks.
This was followed up with a CISA/FBI joint statement, which offered a list of mitigation steps to prevent similar attacks in other vulnerable organizations. These steps include:
- Require Multi-factor authentication
- Enable strong spam filters to prevent phishing emails from reaching end users
- Implement a user training program and simulated attacks for spearphishing
- Filter network traffic
- Update software
- Limit access to resources over networks, especially by restricting RDP
- Set antivirus/antimalware programs to conduct regular scans of IT network assets
- Implement unauthorized execution prevention by disabling macro scripts from Microsoft Office files, implementing application allowlisting, monitor/block inbound connections from Tor exit nodes and other anonymization services, and deploy signatures to detect/block inbound connection from Cobalt Strike servers.
Actions from the White House include an executive order that seeks to strengthen cyber defense, according to the New York Times. The order would set safety standards for all federal agencies and contractors with a zero-trust approach to all vendors. It also requires all vulnerabilities in their software to be reported to the government.
That executive order would also include a cybersecurity incident review board (which the New York Times compares to the National Transportation Safety Board), which would be charged with reviewing major cyberattacks like the one on Colonial Pipeline.
Recent news posts
CISA Issues Emergency Directive 22-03, Encourages VMware Updates
Cyber Fraud Task Force: Weekly News Update
Cloud Computing, Data Protection Top List of In-Demand Skills: ISACA Annual Report
Cyber Preparedness Consortium Bill Heading to President’s Desk
Explainer: CISA’s Shields Up Warning
Attend an Event!
Connect and collaborate with fellow security innovators at our Virtual Cybersecurity Summits.