August 1, 2021

Volume XI, Number 213

Colonial Pays Millions in Ransomware Attack on Pipeline

Colonial Pipeline paid hackers a ransom of $4.4 million in bitcoin soon after discovering a cybersecurity hack on its systems that began on May 6.  The company’s acknowledgment comes after days of speculation about whether a ransom was paid to the hackers.  The company’s CEO defended the “difficult” decision to pay the ransom, maintaining he was trying to avoid widespread fuel shortages for the East Coast. Even with the ransom payment, Colonial’s pipeline was shut down for days, resulting in price spikes and shortages at gasoline stations in the Southeastern U.S. In addition to the ransom payment, Colonial also revealed it would be spending tens of millions of dollars over the next several months to restore its systems.

Meanwhile, the hacker, identified by the FBI as Darkside, a group out of Eastern Europe, lost access to its IT infrastructure and cryptocurrency funds. Many believe that law enforcement seized the group’s assets, given that the loss of access occurred on the same day President Biden announced the U.S. would “pursue a measure to disrupt” Darkside.

There are no mandatory federal cybersecurity requirements for U.S. critical infrastructure, including the energy sector. To date, federal government agencies have issued cybersecurity guidelines for the energy sector, but since most operations are privately owned, they are not obligated to follow them. President Biden is trying to provide funding to harden security systems in U.S. critical infrastructure. His proposed American Jobs Plan includes $20 billion for cities and towns to strengthen energy cybersecurity and $2 billion in grants for energy grids in high-risk areas. In the interim, Biden’s recently issued Executive Order on Improving the Nation’s Cybersecurity controls how security incidents are managed and how hardware and software are used by federal government agencies. For vendors and developers who want to do business with the federal government, this means focusing on improving product security in order to win new contracts from a very large customer.

Copyright © 2021 Robinson & Cole LLP. All rights reserved.
National Law Review, Volume XI, Number 141

About this Author

Kathleen M. Porter, Partner
Intellectual Property Transactions; Private Equity; Intellectual Property Counseling and Protection; Trade and Antitrust

Kathleen Porter is an intellectual property and technology lawyer in the firm's Business Transactions Group and former chair of the firm’s Intellectual Property + Technology Group. Her practice straddles the areas of intellectual property, business transactions, trade regulation, and Internet law and includes import/export control issues, such as compliance and enforcement, competition, privacy, and data security.

Her clients include precision manufacturing, life science, energy, consumer products, software, Internet and e-commerce, and other technology-driven businesses.

...

617-557-5989