Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

National Security Implications of the Colonial Pipeline Hack

By Emil Sayegh
June 01, 2021

It is difficult, if not impossible to think of a comparable cyber event to the one that effectively shut down the fuel pipeline that feeds over a third of the United States. The incident is unprecedented, and it is almost unfathomable that it occurred — despite warnings and longstanding fears about this very type of critical infrastructure incident. As the reports roll in of yet another critical widespread security incident, we are in the midst of a national cyber crisis, in addition to a border crisis, an economic crisis, and a winding pandemic. While we may have blueprints for the resolution of these other crises, things must urgently change on the cybersecurity front.

Over the last several months, major cyberattacks have been all too common mercilessly sparing no one including hospitals and schools, and even more recently an attack on JBS, the world's largest beef supplier, who was forced to close its meat processing plants in the United States and Australia. Many organizations are also still reeling from the effects of the widespread Microsoft Exchange vulnerability exploit known as "Hafnium". Affecting an untold number of companies at the core of their communications, this exploit was designed to silently steal data and it has been traced back to Chinese hacking collectives. A little further back, we found out about the SolarWinds attack, which ultimately affected thousands of companies, blinding them from their environments, injecting code and leaking data, this time tracing back to Russian sources. (For more on the SolarWinds attack, see, "How Should Directors Respond to the SolarWinds Attack," in the May 2021 issue of Cybersecurity Law & Strategy.) There is also the continual feed of ransomware incidents and a few months ago, a cyber-attack attempted to poison a water-treatment plant in Florida.

The Unthinkable

Unfortunately, Colonial Pipeline reportedly did the one thing that most security advisors and the FBI say should never be done — they paid close to $5 million in ransom to "Eastern European" hackers. (This price was apparently described as a 'bargain' based on comparisons to other ransomware attacks). This choice is only made when an organization has no strong cybersecurity plans, and no choice in the first place. Statistics show that less than 10 percent of companies that pay the ransom get all the data back they lost, and once a company pays, they will be known as a company that pays; meaning, hackers will come back for more.

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
Major Differences In UK, U.S. Copyright Laws Image

This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.

Strategy vs. Tactics: Two Sides of a Difficult Coin Image

With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.

The Article 8 Opt In Image

The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.

Removing Restrictive Covenants In New York Image

In Rockwell v. Despart, the New York Supreme Court, Third Department, recently revisited a recurring question: When may a landowner seek judicial removal of a covenant restricting use of her land?

Fresh Filings Image

Notable recent court filings in entertainment law.