ST. LOUIS, MISSOURI -- The recent ransomware attack on the Colonial Pipeline is a security breach of deep concern – particularly as it could have been limited.
According to a media statement from Colonial Pipeline, the company admitted it was forced to take ‘all pipeline operations’ offline after falling victim to ransomware that infected its IT systems, threatening the supply of refined petroleum products – including gasoline, diesel and jet fuel – across the US Eastern Seaboard.
However, the installation of simple hardware known as HardSec – or Hardware-based Security – could have deterred the remote attackers from exploiting flaws in the Colonial system.
“The lack of adequate cybersecurity on a critical system such as the Colonial Pipeline is deeply concerning, and could have been dramatically reduced,” states Dr. Ron Indeck, CEO of Q-Net Security.
“Consumers should be asking why Colonial Pipeline Company had not taken the simple step of installing hardsec devices to secure such a vital and sensitive piece of US infrastructure,” he said.
Increasingly, consumers are no longer accepting that cybersecurity attacks are inevitable. The hack on Accellion systems in February 2021 prompted a class-action lawsuit, asserting the company was negligent for failing to properly secure its systems.
“All security software, by its nature, can be re-written; as such, all software-based cybersecurity solutions are vulnerable to hackers. But the new class of simple, cost-effective, US-made hardware-based solutions – such as Q-Net Security’s Q-Box – could have protected the Colonial Pipeline operational systems, and reduced the impact of the attack”, added Dr. Indeck.
Hardsec has already been adopted by utilities and other US Government Agencies to secure critical national infrastructure.
“Until hardware-based security is implemented, all companies must ask themselves if they, too, are at risk of future cyberattacks – and in the case of major infrastructure, regulators and the public should be asking this, too”.
Statement issued 8 May 2021 from Q-Net Security