Well, more fallout from the Colonial Pipeline attack. The pipeline has now restarted and supply should return to normal within a few days, even as panic buying keeps the run on fuel going, but the technology ramifications continue.
Senator Mark Warner, chair of the Senate Intelligence Committee, is calling for legislation to require private companies to report cyber-attacks to the government. The senator is also calling for a rapid response team made up of public and private sector experts, which would include the FBI, CISA, and firms like Amazon and Microsoft.
President Biden signed a cybersecurity executive order, focused on improving the US’s approach, intelligence, and response. The order includes a focus on IT services, leveraging the buying power of the fed. IT services providers working with the federal government must manage the data about incident response, share information with appropriate agencies, collaborate on investigations, and specifically share threat and incident intelligence.
Bloomberg is reporting that Colonial DID, in fact, pay a five-million-dollar ransom, and they did so within hours. The decryption tool the hackers provided was so slow that the company continued using its own backups to help restore the system.
Why do we care?
How’s that for irony? You pay the ransom and the tool isn’t better than your backups. Of course, ignoring the hackers and restoring from backup doesn’t solve the extortion threat.
One easy way to make a systematic change is to leverage the buying power of the federal government, and that’s what the executive order does. If it’s government policy that you have to do disclosures to do business with the fed, it becomes the norm. I won’t be surprised to see disclosure become a federal law, and as a reminder, it’s already state law for MSPs doing business with state and local government in Louisiana.
For most providers: do you have your SOP nailed down for reporting? For incident management?