- Ø Activity A – Fill in the blanks
Last month, a cyberattack on the USA company Colonial Pipeline, ___________ operates a pipeline providing
nearly half the East Coast's fuel supply, triggered a massive shutdown. Hackers infiltrated its computer network and ___________ more than $4 million in ransom; the company
shut down the pipeline.
Colonial Pipeline ___________ the decision to pay the ransom ___________ the same day, and it ___________ 6 days to restart the pipeline.
In the interim, several governors in affected states declared states of
emergency and urged the public not to hoard gas. ___________ ,
panic-buying led to temporary outages in 11 states and Washington, D.C.
Last week, the Transportation Security Administration announced a new policy which requires pipeline operators ___________ report cyberattacks to the federal government
within 12 hours and ___________ Thursday, the White House released a memo to
corporate executives and business leaders urging them
to take immediate ___________ to protect against ransomware risks in the wake
of attacks on both Colonial Pipeline and the meat company JBS.
"The most important takeaway from the recent ransomware attacks on
U.S., Irish, German and other organizations ___________
the world," said Anne
Neuberger, deputy national security adviser, in the memo, "is that
companies that view ransomware as a threat to their core business operations rather
___________ a simple risk of data theft
will react and recover more effectively."
Joe Blount, CEO of Colonial Pipeline spoke with National Public Radio about
getting the pipeline safely back online, making the tough call to shut down the
gas over a cyberattack and why paying the ransom was "the right decision
to ___________ for the country."
- Ø Activity 2 - Read on for highlights of the interview. Ask a question
based both on what Colonial Pipeline CEO Joe Blount says and on each sentence
beginning with ON
On whether operations are fully restored
Your question:
No, definitely not fully restored. And I think if you talk to anybody
who suffered from one of these criminal cyber-attacks, they would tell you that
it takes months and months and months to restore your entire IT infrastructure.
In our case, our focus initially was to get the pipeline back up and running
safely and as soon as we possibly could. So we got the critical IT structure
put back together. But we have months and months of work ahead of us.
On why the company shut down the gas over a
computer system attack
Your question:
Let me take you back to the early morning of May 7. We knew immediately
that there was an issue, and we are programmed to only operate the pipeline if
we feel that it's in safe operating condition: it won't cause any harm to
employees, the communities we serve or to the environment. So we have what we
call "stop work authority" at Colonial; any of our employees has the
opportunity to use it. If they identify a risk, their job is to contain it
immediately. In this case, a ransom ware note came across the screen in our
control room. It was immediately recognized, and the control room supervisor
immediately decided to shut down the pipeline. It was the right decision to
make because you don't know what you have to deal with at that point in time.
On his decision to pay a nearly $4.5 million ransom
in crypto currency
Your question:
It was obviously, probably the hardest decision I've ever made in my
career. I've been an employee of Colonial Pipeline for three and a half years,
but I've been in the industry for almost 39 now. So once we identified the risk
and contained the risk by shutting the pipeline system down and immediately
called in cyber experts to help us with identifying further what had been done
to our system, one of the things that came up, ultimately, was the ransom and
whether to pay the ransom or not.
The conversation went like this: Do you pay the ransom or not? And of
course, the initial thought is: You don't want to pay the ransom. You don't
want to encourage hackers; you don't
want to pay these criminals. But our duty is to the American public. So when
you know that you have 100 million gallons of gasoline and diesel fuels and jet
fuels that are going to go across the Southeastern and Eastern seaboard of the
United States, it's a very critical decision to make. And if owning that
de-encryption tool gets you there quicker, then it's the decision that had to
be made. And I did make that decision that day. It was the right decision to
make for the country.
On the government's role when private companies
face cyber-attacks and ransom
Your question:
At the end of the day, it's a decision that has to be made by the
company. ... I think that obviously private industry has a responsibility here.
Pipelines do invest in cyber-ware and security. It's a natural extension of
what we've done historically, which is focus on the physical security of our
asset. So it really pretty much needs to become a private-public partnership.
I think once we complete our investigation into this event, partnering
with the government, sharing those learnings with our peers in the
infrastructure space and more broadly across other sectors, is very important
so that they can learn lessons from our event.
- Ø Activity 3 – Should a company facing
a cyber-attack pay hackers the ransom they demand?
