Colonial Ransomware Attack to Put Cybersecurity in the Spotlight

The Colonial Pipeline outage came amid a wave of new cyberattacks, with several more sophisticated and far-reaching than ever before. During the past year, roughly 2,400 ransomware attacks have hit corporate, local and federal offices.  

Despite calls for increased regulations to bolster cyber defenses following the Colonial Pipeline attack, Congress has a long and unsuccessful record of addressing cybersecurity threats. Previous efforts to mandate minimum standards of software security have failed to get through Congress, even after some notable and far-reaching attacks. Small businesses have said the changes are not affordable, and larger ones have opposed an intrusive role of the federal government inside their systems.  

But this latest attack could mean Congress and regulators take action to introduce mandatory cybersecurity standards for all businesses, including the liquid terminal industry. Already, the Department of Homeland Security is moving to regulate cybersecurity in the pipeline industry for the first time to prevent a repeat of the Colonial Pipeline outage, an incident that highlighted the vulnerability of critical infrastructure to online attacks.

DHS' Transportation Security Administration is expected to issue a security directive shortly, requiring that pipeline companies report cyber incidents to federal authorities, the Washington Post reported May 25. TSA would then follow up in the coming weeks with a more robust set of mandatory rules for how pipeline companies must safeguard their systems against cyberattacks and the steps they should take if they are hacked. The agency has offered only voluntary guidelines in the past.

Most businesses and many cybersecurity experts say mandatory standards could prove detrimental because they would require companies to focus on historical threat types instead of innovating and improving security to address the next attack. They say cyberattacks are rapidly evolving and companies need to remain nimble to protect systems.