The ransomware attack against the Colonial Pipeline system occurred almost 17 years to the day after I testified before the Senate Subcommittee on Terrorism, Technology, and Homeland Security on cyber-risks facing critical infrastructure, particularly the industrial control systems (ICS) used to manage those infrastructures. And while there have been other incidents before this one that should have sparked radical changes in our approach to cybersecurity, I, like many other longtime observers, thought (perhaps naively) that this one would be the wake-up call our business leaders needed.
Whether or not we hit the perpetual snooze button once again remains to be seen. But there is a way forward to fix our broken system: Adopt a risk-led approach to cybersecurity that once and for all bridges the gap between cybersecurity and the business and aligns the entire enterprise to a North Star focus on what risks matter most to the organization.
Written by Dan Verton, Director of Content Marketing, in Dark Reading https://www.darkreading.com/risk/the-colonial-pipeline-attack-is-your-boardroom-wake-up-call/a/d-id/1341153
The May 8 ransomware attack against the Colonial Pipeline company not only shut down operations across one of the nation’s most important 5,500-mile energy infrastructures but it exposed a major weakness in the national cybersecurity strategy that has been 20 years in the making: Critical infrastructure cybersecurity must adopt a risk-led security strategy backed by a real-time decision and operational support system.