Pipeline ransomware attack shows US economy's soft digital underbelly

Jon Talton, The Seattle Times on

Published in Business News

In 2019, Accenture predicted that cybercrime would cost companies $5.2 trillion worldwide within five years. Some 43% of attacks were against small businesses, while only 14% were prepared to repel them. Hiscox, an insurer, said the average cost of a digital attack was $200,000. That's easily enough to put many small companies out of business; many aren't covered by insurance for cybercrime or can't afford it.

It's a Wild West of sublethal international conflict out there. The weaponized malware called Stuxnet set back Iran's nuclear program in 2009, followed by other cyberattacks; Israel and the United States were seen as carrying them out. Chinese, Russian and North Korean hackers have targeted us, including penetrating government sites and conducting industrial espionage.

It's not a leap to predict that the next major war will be fought heavily in cyberspace. Before the first shots are fired, an opponent might try to blind the enemy's satellites by cybermethods, and use secreted malware that wrecks the capabilities of such advanced weapons as the F-35 Joint Strike fighter and shuts down the U.S. electrical grid. We, no doubt, would try the same.

The result might be more bloodless than previous wars. Unless, that is, a blinded nation fears it's being targeted for a nuclear strike — then all bets are off.

Longtime readers remember one of my favorite stories about the dangers of techno-magic. In the television series "Battlestar Galactica," Admiral Adama (played by Edward James Olmos) refused to allow his ship to be networked. As a result, the aging Galactica was the only warship to survive the deadly Cylon surprise attack that depended on an advanced, networked fleet.

But in the real world, we're living more than ever online and in the cloud.


President Joe Biden and Congress are under pressure to do more to protect us. The administration is committed to "a global effort" to fight ransomware attacks. That includes criminal prosecutions, going after hacker money laundering, and greater disclosure of breaches.

In 2019, Congress created the Cyberspace Solarium Commission to develop better defenses against major hacks, to prevent "a cyber 9/11." But only about half of its recommendations have been implemented. That fits a pattern of paralysis going back to 2010. Since then the Government Accountability Office has offered 3,300 recommendations for agencies to protect themselves. Yet at least 750 had not been put in place as of 2020.

"Although the federal government has made selected improvements, it needs to move with a greater sense of urgency commensurate with the rapidly evolving and grave threats to the country," the GAO said.

And this is only in the federal government, not state or local government, not in the private sector overseeing critical infrastructure. An enormous workload awaits those charged with keeping ahead of cybercriminals.

It's enough to keep you up at night. Or, in the daytime, be extra suspicious of potential malware showing up as a legitimate-looking email.

©2021 The Seattle Times. Visit Distributed by Tribune Content Agency, LLC.