Defending Against Cyberattacks: The DoD’s Renewed Focus on More Robust Cybersecurity

In the digital age, the vulnerability of critical infrastructure to cyberattacks is a pressing concern, given the cyberattack on Colonial Pipeline. Let’s dive into such an ever-evolving cybercrime ecosystem and governmental renewed focus to navigate against it!
DoD leadership team and the president
Courtesy: DoD
By | 10 min read

In the digital age, the vulnerability of critical infrastructure to cyberattacks has become a pressing concern for governments and organizations worldwide. One notable incident that brought this issue to the forefront was the cyberattack on Colonial Pipeline in May 2021.

According to a 2021 report by Cybersecurity Ventures, the global cost of cybercrime is projected to surge to a staggering $10.5 trillion annually by 2025, a drastic increase from $3 trillion in 2015. Such exponential growth underscores the magnitude of the challenge we face in safeguarding our digital infrastructure.

What makes this phenomenon even more concerning is the emergence of a cybercrime model known as Ransomware as a Service (RaaS). This model allows individuals or groups to create and sell ransomware to other criminals, enabling them to launch their own attacks.

As we explore the implications of this cybercrime ecosystem and examine the ongoing efforts to reform cybersecurity measures, we gain valuable insights into the evolving nature of government cyberattacks and the critical importance of defending against them.

The Risks of Cybersecurity Insurance: Hackers Targeting Insured Companies

As organizations increasingly turn to cybersecurity insurance as a means of mitigating financial risks associated with cyberattacks, a new set of challenges has emerged. Hackers have recognized the potential financial incentives and have started to specifically target insured companies, aiming to exploit vulnerabilities in their security defenses and maximize their illicit gains.

One significant risk of cybersecurity insurance is the concept of moral hazard. When organizations have insurance coverage, they may become less inclined to invest in robust cybersecurity measures. This false sense of security can lead to complacency in implementing necessary safeguards, making insured companies more attractive targets for hackers.

Hackers have become increasingly sophisticated in their techniques, actively seeking out companies with cybersecurity insurance. They understand that these organizations are more likely to pay ransoms or fulfill extortion demands, as the insurance policy may cover the costs. By focusing on insured companies, hackers increase their chances of success and maximize their potential financial gains.

The targeting of insured companies by hackers also highlights the potential unintended consequences of insurance policies. In some cases, insurance coverage may inadvertently incentivize ransomware attacks. Cybercriminals strategically select targets based on their perceived willingness and ability to pay. Insured organizations may find themselves targeted by hackers who view them as lucrative opportunities for financial exploitation.

The emergence of ransomware-as-a-service (RaaS) further exacerbates these risks. RaaS enables less technically skilled individuals to access and deploy ransomware, widening the pool of potential attackers. Evidence indicates that these hackers are increasingly targeting insured companies, recognizing the potential financial incentives and exploiting vulnerabilities in their security defenses.

For instance, in April 2021, cybersecurity firm eSentire reported a surge in cyberattacks on insured organizations, with the Meris botnet specifically focusing on companies with cybersecurity insurance. The botnet launched targeted ransomware attacks, taking advantage of the false sense of security that insurance coverage may create.

CISA staff in a workshop
Courtesy: CISA

Additionally, the cyberattack on CNA Financial Corporation in March 2021 further highlights this trend. CNA, a prominent insurance provider, fell victim to a ransomware attack, illustrating how hackers are even targeting insurance companies themselves.

These incidents highlight the trend of hackers tailoring their attacks to maximize profits from insured organizations. It underscores the importance of insured companies maintaining proactive cybersecurity measures, as insurance alone does not guarantee protection from determined attackers.

Fueling Cybercrime: The Impact of the Colonial Pipeline Hack on America’s Energy Infrastructure

Especially, the Colonial Pipeline hack in May 2021 had a significant impact on America’s energy infrastructure, highlighting the vulnerability of critical systems to cyberattacks. This cyberattack targeted the computer network of Colonial Pipeline, a major fuel pipeline operator in the United States, causing disruptions in the transportation of gasoline, diesel, and jet fuel along the East Coast.

The attack, carried out by the DarkSide group, a cybercriminal organization believed to be based in Russia, used ransomware to encrypt Colonial Pipeline’s computer systems. The hackers demanded a ransom payment in Bitcoin in exchange for a decryption key to restore access to the systems. In a difficult decision, Colonial Pipeline ultimately decided to pay the ransom of approximately $4.4 million to expedite the recovery process and minimize the impact on fuel supplies.

The consequences of the Colonial Pipeline hack were far-reaching. As a critical part of the nation’s energy infrastructure, the temporary shutdown of the pipeline disrupted fuel supplies, leading to panic buying, fuel shortages, and price increases in several states along the East Coast. Gas stations faced challenges in replenishing their fuel stocks, and some even had to temporarily close their operations.

The incident emphasized the systemic risks posed by cyberattacks on critical infrastructure. It highlighted the potential vulnerabilities of energy systems, which can have cascading effects on various sectors of the economy and the daily lives of citizens. The disruption of fuel supplies had implications for transportation, emergency services, and the functioning of businesses that rely on a steady fuel supply.

Furthermore, the Colonial Pipeline hack shed light on the broader issue of cybercrime and the evolving tactics employed by cybercriminals. Ransomware attacks, such as the one experienced by Colonial Pipeline, have become more sophisticated and financially motivated. Criminal organizations like DarkSide have developed business models that include targeting critical infrastructure, leveraging RaaS to maximize their profits.

CISA professionals in a discussion during meeting
Courtesy: CISA

In response to the Colonial Pipeline hack and the wider threat of cyberattacks on critical infrastructure, governments and organizations have been prompted to take action. The incident served as a wake-up call for improved cybersecurity measures, information sharing, and cooperation among stakeholders. It highlighted the need for robust defenses, incident response plans, and investment in technologies to detect, prevent, and mitigate cyber threats.

Additionally, the incident sparked discussions about the importance of resilience and diversification in energy infrastructure. It emphasized the need to explore alternative energy sources, improve the redundancy of critical systems, and enhance collaboration between government agencies, private sector entities, and cybersecurity experts to strengthen defenses and minimize the impact of future attacks.

DoD Reform: Strengthening Cybersecurity in the Face of Government Cyberattacks

The cyberattack on the Colonial Pipeline served as a wake-up call for companies and governments worldwide, prompting a renewed focus on cybersecurity. In response to the incident, numerous organizations have taken steps to enhance their cybersecurity practices and protect against similar threats. One notable example is the Biden administration’s swift action in issuing an executive order in May 2021 to strengthen the nation’s cybersecurity defenses.

The executive order outlined several key measures aimed at bolstering cybersecurity across federal networks and promoting collaboration between government and private sector entities. One significant aspect of the order was the emphasis on enhancing the security of federal networks. It directed federal agencies to modernize their cybersecurity practices, including adopting multi-factor authentication and encryption for data protection, as well as implementing endpoint detection and response systems to detect and respond to potential cyber threats.

Furthermore, the executive order sought to improve information sharing between the government and private sector entities. It called for the establishment of a Cybersecurity Safety Review Board, modeled after the National Transportation Safety Board, to facilitate the sharing of information and lessons learned from cyber incidents. The goal was to foster a culture of collaboration and knowledge exchange that could strengthen overall cyber defenses.

Another critical element of the executive order was the focus on software security. It mandated the development of baseline cybersecurity standards for software sold to the federal government, with the intention of raising the security bar and minimizing vulnerabilities in the software supply chain. By establishing clear standards, the government aims to drive improvements in the security of the software utilized across federal agencies, reducing the risk of cyber intrusions and data breaches.

The executive order highlights the commitment of the Biden administration to addressing cybersecurity risks comprehensively. It signifies a significant step towards enhancing the nation’s cyber defenses and fostering a more secure digital environment. By prioritizing the security of federal networks, promoting information sharing, and setting software security standards, the executive order aims to create a stronger cybersecurity posture for the government and drive positive changes across the public and private sectors.

Moreover, addressing the pressing issue of government cyberattacks, the Department of Defense (DoD) is undertaking a comprehensive reform effort to bolster cybersecurity measures and safeguard critical systems.

DoD professionals collaborate on projects
Courtesy: CISA

The DoD has made cybersecurity a top priority, recognizing the significant threats posed by cyberattacks. As part of its comprehensive approach, the DoD has established the Defense Cybersecurity Program (DCP), which encompasses a range of initiatives and measures to enhance cybersecurity across its networks and systems.

One notable component of the DoD’s cybersecurity strategy is the implementation of the Risk Management Framework (RMF). The RMF provides a systematic process for identifying, assessing, and managing cybersecurity risks. It enables the DoD to apply consistent and effective security controls to protect its information systems and data. By aligning with the RMF, the DoD ensures a proactive and risk-based approach to cybersecurity.

To ensure compliance with cybersecurity standards, the DoD has established the Defense Information System for Security (DISS) and the Defense Information System for Networks (DISN). These systems adhere to specific security controls and requirements outlined in the DoD Cybersecurity Discipline Implementation Plan. These controls cover various areas, including access control, incident response, encryption, and vulnerability management. By implementing these controls, the DoD strengthens its overall cybersecurity posture and safeguards its critical infrastructure.

 In terms of collaboration and information sharing, the DoD actively engages with government agencies, industry partners, and academia. One notable example is the DoD’s collaboration with the National Security Agency (NSA) through the Cyber Command. This partnership allows for the sharing of threat intelligence, joint exercises, and coordination in responding to cyber incidents.

Additionally, the DoD collaborates with defense contractors through programs like the Defense Industrial Base Cybersecurity Maturity Model Certification (CMMC). This program ensures that contractors meet specific cybersecurity requirements, bolstering the security of the defense supply chain.

Senator Joe Manchin, a politician who has served as a United States Senator from West Virginia since 2010, has been a vocal advocate for bolstering cybersecurity infrastructure and improving coordination between government agencies and private companies in the wake of the Colonial Pipeline hack.

Following the attack, Senator Manchin issued a statement highlighting the need for greater investment in cybersecurity measures to prevent similar incidents in the future. He stressed the importance of proactive efforts to strengthen defenses and enhance collaboration between government entities and private sector organizations.

Senator Manchin also expressed concern about the impact of the attack on fuel prices and the potential for supply shortages, emphasizing the need for comprehensive strategies to address vulnerabilities in critical infrastructure. His remarks underscore the urgency of taking decisive action to safeguard vital systems and ensure the resilience of the nation’s energy infrastructure in the face of growing cyber threats.

team at America's cyber defense agency
Courtesy: DoD

Senator Mike Rounds, a politician who has been serving as a United States Senator from South Dakota, has also emerged as a strong advocate for bolstering America’s cybersecurity infrastructure and has actively pursued measures to enhance the nation’s cyber defenses. Recognizing the increasing threats posed by cyberattacks, Senator Rounds has been at the forefront of efforts to increase funding for cybersecurity programs and initiatives.

One key focus of Senator Rounds’ work has been the promotion of greater collaboration between the public and private sectors. He recognizes that cybersecurity is a shared responsibility and that close cooperation between government agencies and private companies is essential to improve cybersecurity readiness. Senator Rounds has championed legislation aimed at facilitating information sharing between these entities, understanding that timely and effective exchange of threat intelligence is crucial in staying ahead of evolving cyber threats.

In his role as a senator, Rounds has consistently emphasized the need for proactive measures to address cybersecurity challenges. He has called for increased investment in cybersecurity research and development to foster innovation and the advancement of cutting-edge technologies that can enhance defense capabilities against cyber threats. By advocating for robust funding, Senator Rounds aims to ensure that the United States remains at the forefront of cybersecurity innovation and resilience.

The Bottom Lines

The Colonial Pipeline hack and subsequent cyberattacks have highlighted the urgent need for stronger cybersecurity measures and collaboration between government agencies, private companies, and legislators. The impact of these attacks extends beyond the affected organizations, with potential consequences for national security, economic stability, and public safety.

The journey toward robust cybersecurity is an ongoing endeavor. It requires continuous adaptation to emerging threats, investments in cutting-edge technologies, and the cultivation of a skilled cybersecurity workforce. Collaboration between government, industry, and academia is crucial in developing comprehensive strategies and sharing best practices to stay ahead of sophisticated cybercriminals.

As cyber threats continue to evolve, it is imperative for policymakers, industry leaders, and individuals to remain vigilant and proactive in addressing cybersecurity challenges. By working together, implementing effective cybersecurity measures, and prioritizing the protection of critical infrastructure, we can strengthen our collective resilience against cyberattacks and safeguard the future of our digital society.

  • About: Katie Le
    Join EnvZone as a Section Editor and Analyst, Katie Le manages her section’s content production from identifying and assigning content ideas up to the publication stage. Katie Le has been…