Somewhere Between Incompetence And Dereliction
When I worked in IT, I was in and out of both the security and contingency planning areas between the early 1980s and early 2000s. I was in at the start of both fields, and I followed them through the transition from IBM mainfrane to Unix and Windows networking. In light of my experience, I've had some big questions about the story we've been getting about the Colonial Pipeline hack. On one hand, a corporation is prudent to minimize the amount of public information it releases about its internal operations. On the other, based on what I read, I've got to think that at some point, the Colonial board of directors will need to clean house thoroughly. You don't pay $5 million ransom just like that, after all. The broad outlines of the picture so far are all we've been told: somehow, some freelance Russian hackers were able to disable the company's software that controls its pipeline operations, they demanded a ransom to have the system restored, and the company ...