America’s largest oil pipeline shut down after it came under a cyberattack. Nation-sponsored attacks and financial crime are both on the rise, and the boundary between them is blurring. Officials and citizens must work together to reinforce security policy.
Colonial Pipeline, the victim of the attack above, is the largest oil pipeline in America. The shutdown of the most critical infrastructure – the pipeline 2.5 million barrels of fuel a day, equivalent to 45% of the U.S. East Coast’s demand – is a warning about the damage cyberattacks can inflict on the economy and society.
Colonial was ensnared by special softward known as “ransomware,” which demands money in exchange for data made unusable by encryption.
A hacker group called Darkside, which targets public companies outside of the former Soviet Union, is a suspect in the hack. Darkside claims that it donates part of the money it steals to charity, but it is unclear whether this is true.
There have also been successive attacks in which countries are possibly involved. One example of this is the attack several years ago, seemingly by a group affiliated with the Chinese military, on 200 Japanese defense and aviation firms and research institutes, including the Japan Aerospace Exploration Agency.
The American government determined in April that Russia carried out large-scale cyberattacks in 2020 against American government institutions, military and corporations, and imposed severe sanctions.
There is no reason to relax when it comes to attacks by criminal organizations that have no apparent national connections, as the ransomware damage against Japanese companies like Kajima and the Hoya Group shows. Shouldn’t government and the public both prioritize cyberdefense?
First, the government needs to clearly affirm that cyberattacks are a security threat and accelerate its preparation for a defense apparatus accordingly. In addition to adding personnel and organizations, it must look into legislation that makes defensive measures flexible.
Current measures should routinely recognize which risks are becoming obsolete. The old way of reusing passwords has proven to be vulnerable. There is also a risk that arrangements like virtual private networks, which allow the use of private systems outside of a company, could be put to nefarious use.
New security technology, like arrangements that forgo passwords, are appearing all the time. We hope that that officials and the public will revise existing policies and enhance their effectiveness flexibly, but quickly.