Any shortcomings by Colonial would be especially egregious given its critical role in the U.S. energy system, providing the East Coast with 45% of its gasoline, jet fuel and other petroleum products.
Smallwood, a partner at iMERGE and managing director of the Institute for Information Governance, said he prepared a 24-month, $1.3 million plan for Colonial. While iMERGE’s audit was not directly focused on cybersecurity “we found many security issues, and that was put in the report.”
Colonial’s statements Wednesday suggest it may have heeded a number of Smallwood’s recommendations. In addition, it says it has active monitoring and overlapping threat-detection systems on its network and identified the ransomware attack “as soon as we learned of it.” Colonial said its IT network is strictly segregated from pipeline control systems, which were not affected by the ransomware.
Any shortcomings by Colonial would be especially egregious given its critical role in the U.S. energy system, providing the East Coast with 45% of its gasoline, jet fuel and other petroleum products.
Smallwood, a partner at iMERGE and managing director of the Institute for Information Governance, said he prepared a 24-month, $1.3 million plan for Colonial. While iMERGE’s audit was not directly focused on cybersecurity “we found many security issues, and that was put in the report.”
Colonial’s statements Wednesday suggest it may have heeded a number of Smallwood’s recommendations. In addition, it says it has active monitoring and overlapping threat-detection systems on its network and identified the ransomware attack “as soon as we learned of it.” Colonial said its IT network is strictly segregated from pipeline control systems, which were not affected by the ransomware.
Any shortcomings by Colonial would be especially egregious given its critical role in the U.S. energy system, providing the East Coast with 45% of its gasoline, jet fuel and other petroleum products.
Smallwood, a partner at iMERGE and managing director of the Institute for Information Governance, said he prepared a 24-month, $1.3 million plan for Colonial. While iMERGE’s audit was not directly focused on cybersecurity “we found many security issues, and that was put in the report.”
Colonial’s statements Wednesday suggest it may have heeded a number of Smallwood’s recommendations. In addition, it says it has active monitoring and overlapping threat-detection systems on its network and identified the ransomware attack “as soon as we learned of it.” Colonial said its IT network is strictly segregated from pipeline control systems, which were not affected by the ransomware.
May 12, 2021 at 4:31 pm
BOSTON (AP) An outside audit three years ago of the major East Coast pipeline company hit by a cyberattack found “atrocious” information management practices and “a patchwork of poorly connected and secured systems,” its author told The Associated Press.
“We found glaring deficiencies and big problems,” said Robert F. Smallwood, whose consulting firm delivered an 89-page report in January 2018 after a six-month audit. “I mean an eighth-grader could have hacked into that system.”
How far the company, Colonial Pipeline, went to address the vulnerabilities isn’t clear. Colonial said Wednesday that since 2017, it has hired four independent firms for cybersecurity risk assessments and increased its overall IT spending by more than 50%. While it did not specify an amount, it said it has spent tens of millions of dollars.
- May 10, 2021, 12:51 PM
Friday’s shutdown of the Colonial pipeline had not made a meaningful impact on U.S. air travel as of Monday morning. However, the ransomware attack that spurred the shutdown has triggered an increase in spot fuel prices and prompted the Department of Transportation to declare a state of emergency in 17 East Coast states, paving the way for the temporary loosening of restrictions on truck transport of fuel.
In a statement issued last night, Colonial said it continued to work to “understand” the issue, but gave no indication when service would be restored. Industry fuel experts predicted supply problems could emerge as early as Tuesday, as refined products begin to back up in Texas. And this morning, the price of jet fuel had already increased modestly on the spot market above its Friday $1.82-per-gallon closing price. The price of aviation fuel has more than doubled over the last 12 months.