The recent cybersecurity breach of the Colonial Pipeline sent ripples from the Gulf Coast of Texas to New York and then throughout the American economy.
Panicked consumers sought to gas up their vehicles out of fears of an impending shortage and drained pumps throughout the Southeast. Cybersecurity experts and a host of government and law enforcement agencies are tracking down the perpetrators who are believed to have used malware to force Colonial into paying a ransom.
The incident comes on the heels of several other high-profile hacking incidents aimed at municipalities and government offices in which perpetrators have used cyber attacks to paralyze vital resources and services before demanding a ransom.
With Colonial slowly resuming operations, supply chain and cybersecurity experts at Florida State University are available to comment on this incident and its greater implications for cybersecurity and economic security.
Larry Giunipero, professor, College of Business
(850) 644-8224; lgiunipero@business.fsu.edu
Giunipero’s academic specialty is supply chain management and purchasing. His work also focuses on strategic sourcing, supply chain risk, global sourcing and technology applications.
“From a supply standpoint, there are no refineries between Alabama and Pennsylvania so the Southeast and parts of the Northeast depend on Colonial’s 5,500–mile pipeline for supply. The disruption here was not physical but informational as attackers invaded the company’s systems and thus created the shutdown. Risks to the supply chain originate from many sources and be physical — e.g. ruptured pipelines, scarcity of supply of crude, lack of refinery capacity or in this case cyber security. The company is working hard to restore its supply chain but backfilling supply is the key variable, particularly since many people panic and overbuy further aggravating this shortage.”
Diogo Nunes De Oliveira, assistant professor, College of Communication and Information
(813) 401-4294; diogo.oliveira@cci.fsu.edu
Diogo’s research interests include disaster recovery schemes, network function virtualization (NFV), software-defined networking (SDN), optimization, cybersecurity, network performance.
“This is a complex subject because these types of large-scale attacks usually are not simply monetary-focused attacks. In many occasions, there is a political or enterprise motive involved. The Colonial pipeline attack was a ransomware attack. The attackers were able to install a malware that encrypts data. The target needs a key to decrypt that data, and they have to pay a ransom to get that key. In most cases, this happens because the victim fell behind as far as its security systems. Apparently, the Colonial pipeline infrastructure is not using state-of-the-art security solutions, and therefore they were not able to detect the incoming anomalies. However, I said, this is a very complex subject. Several implications can come out of it, different motives may exist.”