Earlier today, my dad texted to ask if I’d filled up my car recently. As luck would have it, I filled up yesterday on the way home from a Mother’s Day hike.
Lines were forming at gas stations this afternoon as the Colonial Pipeline, which carries millions of refined fuel between the Gulf Coast and the northeastern United States, was shut down due to a cyberattack.
DarkSide, the group that cybersecurity pros believe is behind the ransomware attack, is apparently a pretty sophisticated group:
DarkSide is one of a number of increasingly professionalized groups of digital extortionists, with a mailing list, a press center, a victim hotline and even a supposed code of conduct intended to spin the group as reliable, if ruthless, business partners.
Experts like Div said DarkSide was likely composed of ransomware veterans and that it came out of nowhere in the middle of last year and immediately unleashed a digital crimewave.
A code of conduct for your cybercrimes gang.
Given how much of our infrastructure is susceptible to these kinds of attacks, and how easy it is to completely disrupt billion-dollar businesses with fairly straightforward tools, this is clearly going to become the kind of story that ends up being mundane.
Securing these systems is obviously important and could easily be the work of a government-funded, civilian cyber-corps (or something less awfully named). But more importantly, we need to do the work of decoupling the hyperconnected systems we built over the past century. Power grids that are local and regionalized and run on a combination of solar, hydro, geothermal, and nuclear energy could be built today and would prove much more resilient than a single pipeline that powers half of the country.