Pipeline Hack Executive Order Will Impact Certain Private Businesses
A newly signed Cybersecurity Executive Order aims to prevent future ransomware attacks like the pipeline hack that occurred early May of 2021.
President Biden recently signed an executive order to boost the country’s cybersecurity defenses. It follows several major cybersecurity incidents, including a gas pipeline hack that has prompted gas shortages in the southeastern part of the US. The Cybersecurity Executive Order seeks to strengthen cybersecurity for federal networks and outline new security standards for commercial software used by businesses and the public. The White House says it is about shifting the mindset from always responding to incidents to preventing them before they happen.
How Will The Executive Order Impact Private Businesses?
The order lays out a series of new requirements for companies that do business with the government. It requires companies to report breaches and share cyber threat information. It also updates security standards on government networks, including mandating multifactor authentication. The executive order also establishes a Cybersecurity Safety Review Board to review these incidents, which is modeled on the National Transportation Safety Board that reviews airplane incidents. The Biden administration says that the Colonial Pipeline attack, as well as the recent SolarWinds and Microsoft Exchange attack, make it clear how vulnerable our public and private networks are to ransomware and malware and that the status quo is no longer acceptable.
Additionally, the administration hopes that by increasing the security requirements for companies that the federal government does business with these higher security standards will trickle down through the private sector. They also want to develop a pilot program like Energy Star ratings on appliances, so consumers know if software was developed securely.
Pipeline Hack Explained
On May 7, the operator of the country’s largest fuel pipeline, Colonial Pipeline, fell victim to a cybersecurity attack that involved ransomware. The gas pipeline hack, carried out by the criminal cyber group known as DarkSide, forced the company to shut down approximately 5,500 miles of pipeline, leading to a disruption of nearly half of the East Coast’s fuel supply.
Ransomware attacks involve malware that encrypts files on a device or network that results in the system becoming inoperable. Criminals behind these types of cyberattacks typically demand a ransom in exchange for the release of data. In the past several years municipal governments, K-12 school boards, and even city airports, have been popular targets of persistent cyberattacks.
Colonial Pipeline has confirmed that they did end up paying a ransom of nearly $5 million dollars to the hacking group in exchange for decryption software. It will also cost Colonial Pipeline tens of millions of dollars to completely restore its systems over the next several months.
Cybersecurity Solutions for Businesses
With ransomware attacks on the rise, Compliance-as-a-Service (CaaS) solutions are more important than ever, and can help businesses achieve, maintain, and demonstrate their data security compliance requirements. Given the increasingly stringent data protection and privacy regulations now being enforced globally, businesses can no longer allow compliance to take a backseat. Achieving compliance requires both fulfilling all the obligations under applicable regulatory standards and being able to provide documented proof to pass any regulatory audits. Businesses will need a comprehensive solution that automates and helps streamline the necessary compliance processes, making it easier for them to adhere to extensive regulatory requirements.
The Cybersecurity Maturity Model Certification or CMMC, is a unified standard implemented by the U.S. Department of Defense (DoD) to regulate the cybersecurity measures of contractors working for the U.S. military. The CMMC is the DoD’s response to significant compromises of sensitive defense information located on contractors’ information systems. Contractors working across the defense industrial base (DIB) will now be required to implement and continuously maintain a series of strict cybersecurity guidelines demonstrating adequate cyber hygiene, adaptability against malicious cyberthreats and proper data protection strategies.
Backing up important files and making sure those files cannot be compromised during an attack is another solution. With managed backup and disaster recovery solutions your data is automatically and continually backed up in multiple formats and locations, such as offsite and in the cloud. Businesses that are hit with a ransomware attack can simply revert to a backup prior to the attack and do not have to pay a ransom.