



The New York Times

Pipeline attack teaches urgent cybersecurity lessons in US

For years, government officials and industry executives have run elaborate simulations of a targeted cyberattack on the power grid or gas pipelines in the United States, imagining how the country would react. But when the real moment, it’s not an exercise came, it was nothing like war games. Sign up for The Morning New York Times newsletter. The attacker was not a terrorist group or a hostile state like Russia, China or Iran, as had been assumed in the simulations. It was a criminal extortion ring. The goal was not to disrupt the economy by taking a pipeline offline, but to keep corporate data for ransom. The most visible effects of long lines of nervous motorists at gas stations do not stem from a government response but from a decision by the victim, Colonial Pipeline, which controls nearly half of the gasoline, Jet fuel and diesel flowing along the East Coast, turning off the tap. He did so out of fear that the malware that had infected his back office functions could make it difficult to bill for fuel delivered along the pipeline or even spread into the pipeline operating system. What happened next was a vivid example of the difference between tabletop simulations and the cascade of consequences that can follow even a relatively unsophisticated attack. The aftermath of the episode is still playing out, but some of the lessons are already clear and show how far the government and the private sector must go in preventing and managing cyberattacks and in creating rapid backup systems in the event of a disaster. failure of critical infrastructure. . In this case, the long-held belief that pipeline operations were completely isolated from the data systems locked up by DarkSide, a ransomware gang supposedly operating outside of Russia, turned out to be false. And the company’s decision to shut down the pipeline has sparked a series of dominoes, including panic buying at the pump and a silent fear within government that the damage could spread quickly. A confidential assessment prepared by the energy and homeland security departments found the country could only afford an additional three to five days with the Colonial pipeline closed before buses and other public transport were forced to limit operations due to a lack of diesel fuel. Chemical plants and refining operations would also close, as there would be no way to distribute what they produced, according to the report. And while aides to President Joe Bidens announced efforts to find alternative means of transporting gasoline and jet fuel to the East Coast, none were immediately in place. There was a shortage of truck drivers and tank cars for the trains. Every fragility has been exposed, said Dmitri Alperovitch, who co-founded CrowdStrike, a cybersecurity firm, and chairs the Silverado Policy Accelerator think tank. We learned a lot about what could go wrong. Unfortunately, our opponents too. The list of lessons is long. Colonial, a private company, may have thought she had a waterproof protective wall, but she was easily raped. Even after paying extortionists nearly $ 5 million in digital currency to retrieve its data, the company found the process of decrypting its data and re-activating the pipeline to be extremely slow, which means it will still take more work. days before the East Coast returns to Ordinary. It’s not like flipping a light switch, Biden said Thursday, noting that the 5,500-mile pipeline has never been closed before. For the administration, the event turned out to be a perilous week in crisis management. Biden told his aides, one recalled, that nothing could do political damage faster than television footage of gas pipes and rising prices, with the inevitable comparison to the worst moments of Jimmy Carters as President. Biden feared that unless the pipeline resumed operations, the panic subsided and the price hike was nipped in the bud, the situation would fuel fears that the economic recovery was still fragile and that the inflation is increasing. Beyond the wave of actions to get oil flowing on trucks, trains and ships, Biden has issued a long-standing executive order that, for the first time, seeks to force cybersecurity changes. And he hinted that he was prepared to take action the Obama administration hesitated to take in the 2016 election, against direct actions to retaliate against attackers. Were also going to pursue a measure to disrupt their ability to function, said Biden, a line that seemed to indicate that US Cyber ​​Command, the cyberwar military force, was authorized to take DarkSide offline, just as it did. to another ransomware group the fall before the presidential election. Hours later, the group’s websites turned dark. On Friday morning, DarkSide and several other ransomware groups, including Babuk, who hacked into the Washington DC Police Department, announced that they were exiting the game. DarkSide hinted at disruptive action by an organization in the past. law enforcement unspecified, although it is unclear whether this was the result of US action or pressure from Russia before Bidens waited for a summit with President Vladimir Putin. And keeping quiet may simply reflect a decision by the ransomware gang to thwart retaliatory efforts by shutting down operations, perhaps temporarily. The Pentagon Cyber ​​Command referred questions to the National Security Council, which declined to comment. The episode highlighted the emergence of a new mixed threat, which may come from cybercriminals, but which is often tolerated, and sometimes encouraged, by a nation that sees attacks in its interests. , but as a nation that harbors more ransomware groups than any other country. We don’t think the Russian government was involved in this attack, but we have good reason to believe that the criminals who carried out this attack live in Russia, Biden said. We have been in direct communication with Moscow regarding the imperative for the countries responsible to take action against these ransomware networks. With the DarkSides systems down, it’s unclear how the Bidens administration would retaliate further, beyond possible indictments and penalties, which had not deterred Russian cybercriminals before. Responding with a cyberattack also comes with its own escalation risks. The administration must also take into account that much of the Americas’ critical infrastructure is owned and operated by the private sector and remains ready to be attacked. This attack revealed how poor our resilience is, said Kiersten E. Todt, CEO of the nonprofit Cyber ​​Readiness Institute. We are overthinking the threat, yet still not doing the bare essentials to secure our critical infrastructure. The good news, some officials say, is that Americans have received a wake-up call. Congress was faced with the reality that the federal government does not have the power to require companies that control more than 80% of the nation’s critical infrastructure to adopt minimum levels of cybersecurity. The bad news, they said, was that America’s adversaries not only superpowers, but also terrorists and cybercriminals have learned how little it takes to bring chaos to much of the country, even if they do. did not penetrate the heart of the electricity grid, or the operational control systems that transport gasoline, water and propane across the country. Something as basic as a well-designed ransomware attack can easily do the trick, while still offering plausible deniability to states like Russia, China, and Iran that often hire foreigners for cyber operations. sensitive. How DarkSide broke into the Colonials commercial network remains a mystery. The private company said virtually nothing about how the attack unfolded, at least in public. He waited four days before having substantive discussions with the administration, an eternity during a cyberattack. Cyber ​​security experts also note that Colonial Pipeline would never have had to shut down its pipeline had it been more confident in separating its commercial network from pipeline operations. There absolutely should be a separation between data management and actual operational technology, Todt said. Not doing the essentials is frankly inexcusable for a company that transports 45%. 100 of gas to the east coast. Other pipeline operators in the United States are deploying advanced firewalls between their data and operations that only allow data to flow in one direction, out of the pipeline, and would prevent a ransomware attack from spreading. Colonial Pipeline has not indicated whether it has deployed this level of security on its pipeline. Industry analysts say many critical infrastructure operators say installing such one-way walkways along a 5,500-mile pipeline can be complicated or prohibitively expensive. Others say the cost of deploying these backups is always less than the losses due to potential downtime. Deterring ransomware criminals, which have grown in numbers and outrageousness in recent years, will certainly be more difficult than deterring nations. But this week has clearly shown the urgency. Everything is fun and entertaining when we steal money from each other, Sue Gordon, former senior deputy director of national intelligence and longtime CIA analyst specializing in cyber issues, said at a conference hosted by The Cipher. Brief, online information. newsletter. When we are playing with a society’s ability to function, we cannot tolerate it. This article originally appeared in The New York Times. 2021 The New York Times Company

What Are The Main Benefits Of Comparing Car Insurance Quotes Online

LOS ANGELES, CA / ACCESSWIRE / June 24, 2020, / Compare-autoinsurance.Org has launched a new blog post that presents the main benefits of comparing multiple car insurance quotes. For more info and free online quotes, please visit https://compare-autoinsurance.Org/the-advantages-of-comparing-prices-with-car-insurance-quotes-online/ The modern society has numerous technological advantages. One important advantage is the speed at which information is sent and received. With the help of the internet, the shopping habits of many persons have drastically changed. The car insurance industry hasn't remained untouched by these changes. On the internet, drivers can compare insurance prices and find out which sellers have the best offers. View photos The advantages of comparing online car insurance quotes are the following: Online quotes can be obtained from anywhere and at any time. Unlike physical insurance agencies, websites don't have a specific schedule and they are available at any time. Drivers that have busy working schedules, can compare quotes from anywhere and at any time, even at midnight. Multiple choices. Almost all insurance providers, no matter if they are well-known brands or just local insurers, have an online presence. Online quotes will allow policyholders the chance to discover multiple insurance companies and check their prices. Drivers are no longer required to get quotes from just a few known insurance companies. Also, local and regional insurers can provide lower insurance rates for the same services. Accurate insurance estimates. Online quotes can only be accurate if the customers provide accurate and real info about their car models and driving history. Lying about past driving incidents can make the price estimates to be lower, but when dealing with an insurance company lying to them is useless. Usually, insurance companies will do research about a potential customer before granting him coverage. Online quotes can be sorted easily. Although drivers are recommended to not choose a policy just based on its price, drivers can easily sort quotes by insurance price. Using brokerage websites will allow drivers to get quotes from multiple insurers, thus making the comparison faster and easier. For additional info, money-saving tips, and free car insurance quotes, visit https://compare-autoinsurance.Org/ Compare-autoinsurance.Org is an online provider of life, home, health, and auto insurance quotes. This website is unique because it does not simply stick to one kind of insurance provider, but brings the clients the best deals from many different online insurance carriers. In this way, clients have access to offers from multiple carriers all in one place: this website. On this site, customers have access to quotes for insurance plans from various agencies, such as local or nationwide agencies, brand names insurance companies, etc. "Online quotes can easily help drivers obtain better car insurance deals. All they have to do is to complete an online form with accurate and real info, then compare prices", said Russell Rabichev, Marketing Director of Internet Marketing Company. CONTACT: Company Name: Internet Marketing CompanyPerson for contact Name: Gurgu CPhone Number: (818) 359-3898Email: [email protected]: https://compare-autoinsurance.Org/ SOURCE: Compare-autoinsurance.Org View source version on accesswire.Com:https://www.Accesswire.Com/595055/What-Are-The-Main-Benefits-Of-Comparing-Car-Insurance-Quotes-Online View photos