What the Colonial Pipeline Affair Has Disclosed

May 21, 2021

I worked through some of the analyses of the Colonial Pipeline event. You can get the “predictive analytics” view in Recorded Future’s marketing-centric blog post “DarkSide Ransomware Gang Says It Lost Control of Its Servers & Money a Day after Biden Threat.” You can get the “digital currency can be deanonymized” view in the marketing-oriented “Elliptic Follows the Bitcoin Ransoms Paid by Colonial Pipeline and Other Dark Side Ransomware Victims.” You can get the marketing-oriented overview “Colonial Pipeline Ransomware Attack: What We Know So Far.” Please, read these after-action reports, pull out nuggets of information, and learn how well hindsight works. What’s hindsight? Here’s a definition:

the ability to understand an event or situation only after it has happened (Cambridge.org)

The definition edges close to the situation in which cyber security (not Colonial) finds itself; namely, I have seen no names of the individuals responsible. I have seen no identification of the sources of funding and support for the group responsible. I have seen no printouts illustrating the formation of the attack plan or of the log data making explicit that an attack was underway.

The cyber security industry is a club, and the members of the club know their in-crowd has a license to send invoices. Not even IBM in its FUD days could have created a more effective way to sell products and services. These range from real time threat intelligence, to predictive reports explaining that lightning is about to strike, to smart autonomous cyber nervous systems sounding alarms.

Nope, not that I have heard.

Here are some issues which Colonial raised when I participated in a conference call with a couple of LE and intel types less than 24 hours ago:

  1. The existing threat intelligence, Dark Web scanners, and super AI infused whiz bang systems don’t work. They missed SolarWinds, Exchange Server, and now the Colonial Pipeline affair. Yikes. Don’t work? Right. Don’t work. If even one of the cyber security systems “worked”, then none of these breaches would have been possible. What did I hear in Harrod’s Creek? Crickets.
  2. In the case of Colonial, how much of the problem was related to business matters, not the unknown, undetected wizards of Dark Side? Who knows if the bad actors were the problem or if Colonial found the unpleasantness and opportunity for some breathing room for other activities? Where are the real journalists from Bloomberg, the New York Times, the Wall Street Journal, the Washington Post, et al? Yep, sources produced nothing and now the after action analyses will flow for a while.
  3. What about the specialist firms clustered in Herzliya? What about the monitoring and alerting systems among Cambridge, Cheltenham, and London? What about the outfits clustered near government centers in Brussels, Berlin, and Prague? I have not heard or seen anything in the feeds I monitor. Zippo.

Let’s step back.

The current cyber security setup is almost entirely reactive. Any breach is explained in terms of China, Iran, and Russia. Some toss in Iran and North Korea. Okay, add them to the list of malefactors. That does not change the calculus of these escalating cyber breaches.

The math looks like this: 1 + 0 = 32

Let me explain:

The “1” represents a cyber breach

The “0” represents the failure of existing cyber security systems to notice and/or block the bad actor’s method

The 32 means the impact is exponential—in favor of the bad actors.

With no meaningful proactive measures functioning reliably, the cyber security systems now in place are sitting ducks.

Somebody said, “Our reaction to a situation literally has the power to change the situation itself.” Too bad this aphorism is dead wrong.

When the reactions are twisted into marketing opportunities and the fix does not work, where are we? I would suggest in a place that warrants more than sales lingo, jargon, and hand waving.

The talk about cyber security and threat intelligence sounds similar to the phrase, “Please, take off your shoes.”

Stephen E Arnold, May 21, 2021
