Colonial Pipeline Company is an oil company based in Texas, Houston and carries jet oil and gasoline to the southeastern part of the states. On May 7th, 2021 it experienced a ransom with cyber-attack that resulted in computerized equipment running the pipeline being invaded by the hackers. As a result of the invasion by the hackers, the company changed or rather halted all the operations of the company to manage the attack. The attackers requested a large amount of money that added up to $4.4 million.
With the support of the FBI, the amount was paid some hours later for the attackers to stop further damage and interference of the information of the company. Over a short period of paying the amount of money, the attackers sent an application to the company which was aimed at restoring the network which responded very slowly. This was the largest oil company infrastructure attack in the history of the United States which resulted in more than 100 gigabytes of data being stolen the day before the malware attack on the company (Azubuike, 2021). The FBI and other criminal investigation bodies identified the hackers as Dark Side and the department of justice announced that they managed to recover more than $2.3 million from the ransom payment.
However, the cyber-attack had an impact; both internal and external. One of the main internal impacts of the attack was that the billing system was interfered with even though the operational technological database was not affected. The company is unable to bill the customers which were a complete reason for changing the pipeline operations. Another internal impact is the shutting down of the operations because the company thought that the hackers may have the necessary information to carry out more attacks. The panic that is associated with the attack made the company owners not aware of the day the company will resume their operations hence impacting negatively on the oil users (Boschee, 2021). The colonial company lost some amount of money to the hackers which were up to $1.1 million approximately because some cash was reported to have been recovered.
One of the main external impacts of the attack was that there was a significant shortage of fuel in the states which led to the rescheduling of flights to a minimum of the four-day period. The attack also caused Hartsfield-Jackson Atlanta airport to use fuel from other suppliers which could not impact positively on the airport operations. Fuel prices rose significantly since there was no fuel in the filling stations especially in the states of Florida, Alabama, Georgia, southern and northern Carolina. A gallon of fuel rose to approximately $3 since 2014. Lastly, the temporary closure of the colonial pipeline company impacted the loss of existing and potential customers due to decreases trust and reputation.
How it happened; and the timeline of events
There are a few concrete reasons on how the attack happened and it would probably hold until the company gets a real glimpse of how the events took place through investigation. However, the whole story is all about the ransom outbreak that is associated with the Dark Side group that struck the colonial pipeline accompanying networks (Hobbs, 2021). The initial plot on the attack is not clear but can be an old, network vulnerability to the system of the company; a hacker email that correctly fooled the employee. The utilization of access credentials bought or borrowed from somewhere else had potentially leaked or other tactical ways of the hackers to infiltrate the network of the company or literally the employee logged in another computer using the same password for the VPN which probably leaked. This is the probable unfold of the events in the company’s network.
The most important fact to know is that the hackers were more concerned with money than crashing down the systems of the company. They targeted the business side but not the operational side hence a clear indication of no concern with the design of the pipeline company. With this, the hackers managed to enter into the company’s servers and steal the data that was responsible for the operations of the company (Hobbs, 2021). The following day they ensured they conduct a malware attack which means they gain full control of the company. The oil giants certainly said that the attack made the company be offline for a while as they figured out how they could come to terms with the attack.
The Timeline for the Event was as Follows
On 6th May 2021 the hackers stole 100 gigabits of data from the company’s system. On 7th may 2021 the hackers conducted a malware attack, security agencies (FBI) called to respond to the attack, notification of the federal government about the attack, pipeline goes offline to reduce more damage, colonial pipeline company pays $4.4milion to the hackers, 9th May 2021 emergency declaration by President Joe Biden, on 12th may 2021 the company had restored its system and ready to start working, 7th June 2021 department of justice recover approximately $2.3 million from the hackers, 8th June 2021 congressional hearing on the attack; It took some hours when the attackers requested money and promised to restore the network (Hobbs, 2021). Even though they returned the application that would support the operation, it did not fully respond to the large system of the company; it was very slow in response.
The company experienced a six-day shutdown which did not re-start with an immediate effect. The company management warned the public about the full return of the operations because the system had not yet fully recovered to its original functioning. Due to slow recovery, the company said that the markets that are served by the pipeline company would experience shortages or inconveniences on the delivery of the services. The prices would slightly increase, and they would move slowly in their operations until the market returns to normal.
Preparation for the Crisis and Challenges Faced during Preparation
The colonial pipeline company had put some measures in place that was a way of preparation for crisis management. In the case of the cyber-attack that occurred, the company had insurance cover policies that may have saved the company in paying the ransom amount of money and other minor expenses that are associated with the cyber-attack. This action came to effect since many companies have fallen victim to the cyber-attack that is rampant in the current world. The company had prepared to isolate the problem at its occurrence (Li, 2022). The company was ready to terminate its connectivity to the internet on the occurrence of the attack. It was reported that by Friday the company had disconnected its servers from the internet.
The advantage of the isolation of the problem is to determine if the data is ex-filtrated and if there is a possibility of reducing the demand for the ransom. Other very important steps to cater for the cyber-attacks that the company prepared for are the identification of the asset, putting measures in place to protect the assets, ensuring the detectors are in place to check if the assets have been interfered with, and lastly executing a recovery strategy for the assets in case of the interference (Li, 2022). The above steps are the most reliable preparation strategy for crisis management in an organization that colonial pipeline company employed to deal with the sudden attack.
However, there are some challenges that the company experienced regarding the preparation to face the crisis. The first challenge is a significant increase in cybercrimes in the country. This challenge is very significant because many cyber attackers are emerging and only attack companies. Secondly, the company faced the challenge of a lack of extensive cyber security knowledge. It is alleged that the password may probably have leaked in other locations which is a clear indication of insufficient knowledge about how to protect the credentials of the company.
The other challenge that the company faced is the growing attack surfaces that encourage widespread and easy attacks on the internet. People can interfere with the operations of a particular organization from any point that they are by use of any gadget that is connected with the internet (Reeder & Hall, 2021). This is beyond the company and is beyond their control. High costs of insurance are other challenges that the company face. To ensure a company of that magnitude needs high coverage policies that attract a large amount of money. This amount of money in itself is a challenge that the company faces in preparing for the cyber-attacks crisis.
How Did the Organization Communicate Before/During/After the Crisis?
The colonial pipeline company communicated differently, before, during, and after the crisis. Before the crisis, the company communicated by ensuring that it prepares for the possible occurrence of the crisis. Although many challenges were concerned with the communication towards the crisis, the company tried to take some steps of identification of its assets and the possible procedures of recovery hence could easily pass a message to the general public. Secondly, the company before the crisis had tried to upgrade its systems because it is a very complex company that needed strategized system (Reeder & Hall, 2021). Also, the act of ensuring the company with protective policies against the cyber-attacks is clear communication of the company on the possible occurrence of the crime. Therefore, from my evaluation, the initial communication before the crisis is more silent than utter communication. The action that the pipeline company does which includes insurance is a communication of a potential crisis.
During the crisis, there were so many communications that were passed through by the company. To begin with, the company was silent for more than a day on the day of the attack. This silence was symbolic to know where to begin from. It was a way of strategizing on the grounds of coming back to work and continuing with their daily operations. Secondly, the company hired the FBI who would help them in the investigation of the crime on the servers of the company. This action was a clear indication of the possibility of finding the culprit with the use of a more legal procedure (Tsvetanov & Slaria, 2021). 9th May 2021 the president of the United States declared a state of emergency that was a way of communication by the company.
The notification of the federal government about the attack and the law enforcement was another form of communication to the attackers that the problem is too big and has reached the main authorities of the nation. Lastly, there was a very bizarre communication after the crisis when the department of justice announced that it has managed to recover $2.3 million from the hackers was a clear communication that the government is more powerful than the attackers. To recover such an amount of money indicates more formidable and organized investigation institutions in the federal state of America. A congressional hearing was a clear communication that indicated that the crime like other crimes can take legal action and the attackers to be aware and ready to face the wrath (Tsvetanov & Slaria, 2021). All these communications are phenomenal because they help to foresight what may happen later in the due course of the operations of the company. The communication also shows that the crisis management approach in the company would change significantly.
Recommendation from Manager’s Perspective, to improve the Current Situation
As a manager I suggest that the investigation team in the US need to take a stun step of looking into the matter to prevent further occurrence in the future. In this regard, I propose that individuals found guilty should face the law as a way of scaring potential offenders who might be planning to attack other companies. This action will reduce any possible occurrence of the criminal offence because people will be scared of the consequences.
In addition, it is important for the State and companies to consider proper education to employees. The training will help them in understanding the limits of company interaction with the unauthorized people (Azubuike, 2021). This kind of education should take a form of conferences to workers and other concerned bodies. In this case, the education system should aim at equipping employees with all possible skills of attack prevention alongside understanding the need of protecting institutional resources. This will also help them in developing the urge to learn tricks used by attackers and how they can be prevented.
Recommendation to Prevent Long-Term Consequences
Colonial pipeline companies in the United States should ensure that it accelerates the recovery of the server to the way they have been functioning. The practice will help in retaining clients and other material information. In case of slow recovery to normal functioning, the company would record a lot of losses due to poor reputation which will scare the customers (Boschee, 2021). Therefore, the company needs to strive and restore the company’s computer systems to ensure that it caters and controls the supply of fuel in all the parts.
Secondly, to prevent further long-term vulnerability and consequences, the company should ensure that it puts appropriate measures in place that would help to protect the identity of the company. In case of any other attack, the company will lose potential customers and hence damage its reputation as the biggest supplier of fuel in the US. Therefore, the credentials of the company such as the password should be protected and made private to the company to prevent any possibility of occurrence of the attack again.
Thirdly, the company should put a deliberate communication about the crisis in the company for the employees to be aware of the target and where the company needs to be in a short time. Communication enables the employees to concentrate on products that will help put the company where it is supposed to be (Boschee, 2021). Therefore, in the case of the colonial pipeline company, the employees should know that the crisis happened and should be accepted as it is and move on with the normal operations.
In addition, the company should determine the impact of the crisis and try to fix it appropriately. This will help in establishing possible causes of crisis and design helpful measures to aid in preventing such occurrences in future. By determining the extent of the crisis, the company will be able to know how it will allocate its resources to the right place that will foster development.
Lastly, the company should focus more on understanding where the crisis began and employ the most experienced individuals to manage the department to prevent further damage. In the case of the colonial pipeline company, the information technology sector seems to need the most specialized people who would prevent any possible occurrence of the crisis (Boschee, 2021). Good management of the company’s data will help the company not to leak any potential information that would lead to the further downfall of the company.
References
Azubuike, S. (2021). Cyber Security Attacks: Regulatory and Practical Approach towards Preventing Data Breach and Cyber-Attacks in USA. Available at ssrn 3878326.
Boschee, P. (2021). Comments: Complexity of Cybercrime Skyrockets. Journal of Petroleum technology, 73(06), 8-8.
Hobbs, A. (2021). The colonial Pipeline Hack: Exposing Vulnerabilities in us Cyber Security.
Li, C. (2022). Securing us Critical Infrastructure against Cyber Attacks.
Reeder, J. R., & Hall, T. (2021). Cyber security’s Pearl Harbor moment. The Cyber Defense Review, 6(3), 15-40.
Tsvetanov, T., & Slaria, S. (2021). The Effect of the Colonial Pipeline Shutdown on Gasoline Prices. Economics Letters, 209, 110122.