The ransomware attack on the Colonial Pipeline, which has sparked fears of a gasoline shortage, exposes vulnerabilities within critical infrastructure systems in the U.S., according to a West Virginia University cybersecurity expert.
Ransomware – a cyber attack designed to render files and systems unusable until the target pays a ransom – are growing, said Katerina Goseva-Popstojanova, a computer science professor who oversees a National Science Foundation-funded project at WVU that prepares students for cybersecurity jobs.
"There is an explosion of ransomware attacks, including to critical infrastructure such as pipelines, electric grids, water treatment facilities and hospitals. Typically, the goal of the ransomware attacks is extortion for financial gain but they may also aim at the control systems of the critical infrastructure and other cyber-physical systems, leading to direct disruption of service."
"It appears that the Colonial Pipeline attack was due to poor cybersecurity practices, which made breaking into the company computer systems and infecting them with ransomware fairly easy.
"Instead of reacting to attacks, a proactive approach is needed that would improve the cybersecurity practices and make the systems resilient to ransomware and other types of attacks. In addition, public-private partnerships are crucial for hardening the protection of the critical infrastructure and ensuring uninterrupted service." - Katerina Goseva-Popstojanova, Professor, Lane Department of Computer Science and Electrical Engineering, WVU Benjamin M. Statler College of Engineering and Mineral Resources