Don’t Just Blame the Air Gap—Policy in the Wake of the Colonial Pipeline
On May 7, the ransomware gang DarkSide locked up the information technology (IT) systems of Colonial Pipeline, the energy distributor responsible for shipping nearly half of the East Coast’s gas and jet fuel.
Unable to confirm whether the industrial pipeline was compromised—and reportedly unwilling to dispense gas that could not be accurately billed—Colonial took it fully offline. Over a week later, systems are still not fully operational—causing a number of secondary impacts and forcing Secretary of Energy Jennifer Granholm to plead with consumers to stop panic-buying gasoline.
Critics have been quick to blame Colonial for taking insufficient security precautions, but the challenge of protecting critical infrastructure defies easy solutions. Join R Street for a no-holds barred conversation on lessons learned from the incident; the ethics of making ransomware payments; recent trends in industrial cybersecurity; the state of private/public partnerships; how the Biden administration should respond; and potential technical and policy solutions.
- [Moderator] Tatyana Bolton, Policy Director for Cybersecurity and Emerging Threats, R Street Institute
- Robert Knake, Whitney Shepardson Senior Fellow, Council on Foreign Relations
- Nina Kollars, Associate Professor, US Naval War College
- Maggie Morganti, Product Security Researcher, Schneider Electric
- Paul Rosenzweig, Senior Fellow for Cybersecurity and Emerging Threats, R Street Institute
- Mary Brooks, “IT vs OT: National Security Lessons from Colonial Pipeline,” R Street Institute, May 12, 2021.
- Robert Knake, “The TSA Should Regulate Pipeline Cybersecurity, Council on Foreign Relations,” Council on Foreign Relations, May 10, 2021.
Recent Work from the Federal Affairs Team