
Case study 2: the Colonial Pipeline ransomware attack

Provide an overview of the Colonial Pipeline case study, including implications of the ransomware attack.

In May 2021, the Colonial Pipeline, a vital oil pipeline that delivers oil from the Gulf of Mexico to the U.S. east coast, suffered a ransomware attack that left its crucial IT systems inoperable.

All the devices used to run the oil pipeline are controlled by computers connected to the organisation's network, so a compromise of that network put the pipeline itself at risk from this malicious cyber attack.

The company paid the ransom in Bitcoin, as demanded by the attackers, in order to regain access to these systems. This attack on critical infrastructure generated considerable interest among cyber security experts, business leaders, regulatory bodies, and governments across the world.

The Colonial Pipeline hack made news for unique reasons:

  • It is the largest publicly disclosed cyber attack against critical infrastructure in the U.S.
  • The attack involved multiple stages against Colonial Pipeline IT systems.
  • The pipeline’s operational technology systems that move oil were not directly compromised during the attack.
  • The hackers' demands were initially met, but federal authorities then took steps to recover nearly half of the ransom paid. This disproved the claim that ransoms paid in Bitcoin cannot be recovered because of the opaqueness of the currency and the anonymity of its transactions.

In the aftermath of the attack, the U.S. government thoroughly reviewed the issues that led to ransomware on critical infrastructure and issued an executive order directing U.S. government agencies to take proactive steps to increase cyber security. This order also advocated the use of a Software Bill of Materials (SBOM), which requires the software builder to ensure that all of a product's components are up to date and that it can respond quickly to new vulnerabilities. An SBOM also benefits buyers of the software, who can use it to perform vulnerability or license analysis and so evaluate the overall risk in a product.
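To show what the buyer-side vulnerability and license analysis described above looks like in practice, here is an added example (not part of the original article, and not Colonial Pipeline's or any vendor's code). It parses a constructed minimal CycloneDX-style SBOM, compares each component's version against a constructed advisory list with placeholder advisory ids (not real CVEs), and checks each component's license against an allow-list. The component names, versions, licenses and advisory ids are all invented for the example, and version comparison assumes simple dotted numeric version strings.

```python
import json

# Constructed minimal SBOM in CycloneDX-style JSON. Sample data only, not a real product's SBOM.
SAMPLE_SBOM = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "example-http", "version": "2.3.1",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"type": "library", "name": "example-crypto", "version": "1.0.4",
     "licenses": [{"license": {"id": "MIT"}}]},
    {"type": "library", "name": "example-logger", "version": "0.9.0",
     "licenses": [{"license": {"id": "GPL-3.0-only"}}]}
  ]
}
"""

# Constructed advisory feed: the advisory ids are placeholders, not real CVE numbers.
# "fixed_in" is the first version that is no longer affected.
SAMPLE_ADVISORIES = [
    {"id": "ADV-EXAMPLE-001", "name": "example-crypto", "fixed_in": "1.1.0"},
    {"id": "ADV-EXAMPLE-002", "name": "example-http", "fixed_in": "2.2.0"},
]

# Constructed license policy for the hypothetical buyer.
ALLOWED_LICENSES = {"Apache-2.0", "MIT", "BSD-3-Clause"}


def parse_version(version):
    """Turn a dotted numeric version such as '2.3.1' into a comparable tuple (2, 3, 1).

    Assumption: versions are purely numeric and dot-separated; real ecosystems
    need their own version-ordering rules (semver pre-releases, epochs, etc.).
    """
    return tuple(int(part) for part in version.split("."))


def parse_sbom(text):
    """Extract (name, version, licenses) for every component in a CycloneDX JSON document."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported SBOM format: %r" % doc.get("bomFormat"))
    components = []
    for comp in doc.get("components", []):
        license_ids = [
            entry.get("license", {}).get("id")
            for entry in comp.get("licenses", [])
        ]
        components.append({
            "name": comp["name"],
            "version": comp["version"],
            "licenses": [lic for lic in license_ids if lic],
        })
    return components


def find_vulnerable(components, advisories):
    """Return (name, version, advisory id, fixed_in) for each component older than its fix."""
    hits = []
    for comp in components:
        for adv in advisories:
            if adv["name"] != comp["name"]:
                continue
            if parse_version(comp["version"]) < parse_version(adv["fixed_in"]):
                hits.append((comp["name"], comp["version"], adv["id"], adv["fixed_in"]))
    return hits


def find_license_violations(components, allowed):
    """Return (name, license) for each component whose license is not on the allow-list."""
    return [
        (comp["name"], lic)
        for comp in components
        for lic in comp["licenses"]
        if lic not in allowed
    ]


def assess(sbom_text, advisories, allowed):
    """Run both checks a buyer would apply to a supplier's SBOM and return the findings."""
    components = parse_sbom(sbom_text)
    return {
        "vulnerable": find_vulnerable(components, advisories),
        "license_violations": find_license_violations(components, allowed),
    }


if __name__ == "__main__":
    for category, findings in assess(SAMPLE_SBOM, SAMPLE_ADVISORIES, ALLOWED_LICENSES).items():
        print(category, findings)
```

On the constructed data, `example-crypto` 1.0.4 is flagged because it is older than the advisory's fixed version 1.1.0, while `example-http` 2.3.1 is not flagged because it already carries the fix; `example-logger` is reported as a license policy violation. The same two checks, run against a real advisory feed and the buyer's real license policy, are what make an SBOM useful for the risk evaluation the text describes.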

As a result, software builders were pushed to consider strategies for building software with no vulnerabilities, thereby making their products less risky for buyers. This has made Security by Design a preferred concept for software developers.

Want to know more?

Read

Read this article to learn about the cause and impacts of the Colonial Pipeline attack and other critical infrastructure cyber security breaches: Kerner, SM 2022, Colonial Pipeline hack explained: Everything you need to know, TechTarget, 26 April 2022.

© RMIT 2023
This article is from the free online course Security by Design, created by FutureLearn.