What lessons have the US and Asia Pacific nations learnt from the cyberattack three years ago? What has been done to address such cyber-defense needs? Can more be done?
7 May 2024 marks the third anniversary of the cybersecurity attack on Colonial Pipeline. Since then, there have been countless other high-profile cyberattacks targeting critical infrastructure.
It is a reminder of the massive economic impact of disruptions to private infrastructure, and of how transparency and collaboration are necessary to prevent future catastrophic cyberattacks.
On its third anniversary, the Colonial Pipeline breach continues to serve as a wake-up call concerning the importance of cybersecurity and cyber-resilience, the interconnectedness of public and private infrastructure systems, and the need for collaborative efforts to address emerging threats and vulnerabilities effectively.
Because we cannot rest on our laurels and think the enemies are beaten, these lessons remain relevant today as organizations and policymakers continue to grapple with cybersecurity challenges in an increasingly digital and interconnected world.
Marty Edwards, Deputy CTO for OT/IoT, Tenable, said: “In 2023 alone, IC3 received 1,193 complaints indicating critical infrastructure organizations were victims of ransomware attacks. These are voluntary reports, the actual number of attacks is unknown – and likely much higher.”
National security risks
“Efforts to infiltrate the underlying systems that support not only our daily lives but also our economies are emerging as an acute national security risk,” warned Edwards. “These attacks are being executed by ransomware gangs and well-funded global adversaries that don’t share western values.”
As a case in point, cybersecurity researchers have linked a January 2024 attack on a Texas water facility to Sandworm, a Russian threat group.
“There is a clear and present threat that we cannot afford to ignore,” said Edwards.
“While organizations have become increasingly transparent about incidents as they happen or soon after, we need transparency now to prevent future catastrophic cyberattacks. We’ve witnessed the success of this collaboration in action after the attack on Unitronics PLCs in Aliquippa, PA. Industries and government officials have demonstrated they know how to work together, but collectively we have to be open and dedicated to continuing this practice.”
Addressing ransomware
The Colonial Pipeline breach involved ransomware, and drew attention to the growing threat of ransomware attacks and the need for proactive measures to prevent, detect, and respond to such threats effectively.
In the never-ending cat-and-mouse world of cybersecurity, the Biden-Harris Administration seems to have made significant strides in collective cyber-defense, harnessing the full power of the US government to address the full spectrum of the threat. The Cybersecurity and Infrastructure Security Agency (CISA) has been laser-focused on improving resilience across the country’s critical infrastructure.
Recognizing that organizations need a simple way to access actionable and timely cybersecurity information, CISA developed stopransomware.gov to provide a central location for alerts and guidance for businesses and individuals. Recognizing that only cohesive collaboration across government will scale to meet the threat, it also launched the Joint Ransomware Task Force in partnership with the FBI, to orchestrate the federal government’s response to the “ransomware epidemic”.
To bring together industry, government and internal partners, and to tear down the silos that create gaps an adversary could sneak through, the Joint Cyber Defense Collaborative (JCDC) was created. It is intended to catalyze a community of experts from across the public and private sectors working at the frontlines of cyber-defense, sharing insights and information in real time to understand threats and drive down risk to the US.
In Asia Pacific, many nations have adopted a similar approach since the breaches at Colonial Pipeline and other critical infrastructure. For instance:
- Australia has implemented a cybersecurity strategy that focuses on enhancing cyber resilience, promoting international cooperation, and strengthening law enforcement capabilities to combat cyberthreats, including ransomware. The Australian Cyber Security Centre (ACSC) provides guidance and assistance to organizations to improve their cybersecurity posture and respond to cyber incidents effectively.
- Singapore has developed a comprehensive cybersecurity strategy aimed at strengthening the resilience of critical infrastructure, enhancing cybersecurity capabilities, and fostering collaboration between the government, industry, and academia. The Cyber Security Agency of Singapore (CSA) coordinates national cybersecurity efforts and works closely with organizations to prevent and respond to cyber threats, including ransomware attacks.
- Japan has implemented various initiatives to enhance cybersecurity, including the establishment of the Japan Cybersecurity Strategy, which outlines measures to strengthen cybersecurity capabilities, promote international cooperation, and protect critical infrastructure from cyber threats. The government collaborates with the private sector to improve cybersecurity awareness and resilience and provides support to organizations affected by cyber incidents, including ransomware attacks.
- South Korea has prioritized cybersecurity as a national security issue and has implemented measures to enhance cyber resilience, strengthen law enforcement capabilities, and promote international cooperation in combating cyber threats. The Korea Internet & Security Agency (KISA) provides guidance and support to organizations to improve their cybersecurity posture and responds to cyber incidents, including ransomware attacks.
- New Zealand has developed a national cybersecurity strategy focused on enhancing cyber resilience, fostering collaboration between the public and private sectors, and promoting international cooperation to address cyber threats. The National Cyber Security Centre (NCSC) provides guidance and assistance to organizations to improve their cybersecurity defenses and responds to cyber incidents, including ransomware attacks.