Colonial Pipeline

Some background Info:
Case Study Description Describe the case study in detail.  This should be about 1 page with citations
The Colonial Pipeline ransomware attack constituted a major disruption to the oil and gas delivery along the east coast of the United States.  The attack occurred on April 29, 2021 and has been attributed to an employee password that was lost in a previous attack.  That allowed the hackers to obtain access to the companys virtual private network via correct but compromised credentials.  The entity behind the attack was Darkside which was a cyber crime syndicate.  Since the attack the syndicate has disbanded (Lakshmanan, 2021).
On May 7, 2021, the company received a ransom demand via the network and determined it had been compromised.  The company began shutting down the pipeline and checking for damage.  Delivery was shut down for 5 days impacting the delivery of 12.5 million barrels of fuel resulting in gas shortages and long lines at fuel stations.  Ultimately no damage to the pipeline was discovered. (Turton & Mehrotra, 2021).
According to Ravie Lakshmanan, Darkside was able to exfiltrate nearly 100 gigabytes of data from Colonial Pipeline in the act of double extortion, forcing the company to pay a $4.4 million ransom shortly after the hack and avoid disclosure of sensitive information. The gang is estimated to have made away with nearly $90 million during the nine months of its operations(Lakshmanan, 2021).
In addition to the company losing $4.4 million and 100 gigabytes of data, the incident prompted action on the part of the U.S. government.  The FBI is currently looking into the ransomware criminal enterprise and ways to disrupt it (Lakshmanan, 2021).  Additionally, there was a Senate committee hearing on the attack on June 8, 2021 in which the Colonial Pipeline CEO was called to testify regarding the incident.  As a result of the incident the Transportation Security Administration issued a security directive.  According to the Department of Homeland Securitys press release,
[t]he Security Directive will require critical pipeline owners and operators to report confirmed and potential cybersecurity incidents to the DHS Cybersecurity and Infrastructure Security Agency (CISA) and to designate a Cybersecurity Coordinator, to be available 24 hours a day, seven days a week.  It will also require critical pipeline owners and operators to review their current practices as well as to identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA and CISA within 30 days. (Department of Homeland Security, 2021)
Department of Homeland Security. (2021, May 27). DHS Announces New Cybersecurity Requirements for Critical Pipeline Owners and Operators. DHS Announces New Cybersecurity Requirements for Critical Pipeline Owners and Operators | Transportation Security Administration. https://www.tsa.gov/news/press/releases/2021/05/27/dhs-announces-new-cybersecurity-requirements-critical-pipeline.
Lakshmanan, R. (2021, June 7). Hackers Breached Colonial Pipeline Using Compromised VPN     Password. The Hacker News. https://thehackernews.com/2021/06/hackers-breached-    colonial-pipeline.html.

Turton, W., & Mehrotra, K. (2021, June 4). Hackers Breached Colonial Pipeline Using Compromised Password. Bloomberg.com. https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password.

Please write a case study for the Colonial Pipeline topic following this Format:
1. Title and Introduction
2. Stakeholder Assessment and Background, situation, policy, or problem
3. Decisions and Outcomes
4. Conclusions
5. Exhibits, Endnotes

Please don’t forget to cite accordingly.

Leave a Reply

Your email address will not be published. Required fields are marked *