cptlo
Pursuit Driver
As an IT professional, I have some thoughts....
1. Why Colonial Pipeline would have systems that control the pipeline connected to the internet or the same network as other internet-connected systems is beyond me. The control systems should be completely disconnected from the internet.
2. Clearly their disaster recovery plan needs to be looked at. They should have had full frequent backups along with a plan to recover systems more quickly.
3. I get that #1 and #2 are difficult and cost more money but we're talking about a crucial pipeline, not a mom and pop small business.
I'll also admit that I'm guilty of paying a hacker in a similar situation many years ago. About a month after I started my current job, our Executive Director opened an email attachment that contained a virus. It encrypted all the documents on her computer as well as all the files on our file server. I was able to recover the file server from a backup in about 4 hours but the files on her desktop were not backed up (everyone had been told frequently to store all files on the file server so there shouldn't have been any documents on her PC anyway). Unfortunately, she needed some of the files so she asked me to go through with paying the hacker. In this case, it was only $500. I had to go to a Walgreens and buy one of those cash cards and enter the card info into the encryption app. About an hour later, the program automatically started decrypting her files. Fortunately, now we have multiple levels of antivirus protection so the chances of this happening now are much less.