Ricochet is the best place on the internet to discuss the issues of the day, either through commenting on posts or writing your own for our active and dynamic community in a fully moderated environment. In addition, the Ricochet Audio Network offers over 40 original podcasts with new episodes released every day.
This “mission to Moscow” is not to be confused with the infamous Joseph Davies 1941 book, Mission to Moscow, which Steve calls a “novel” at the opening of this episode, because its pro-Stalinist viewpoint was fiction indeed. Our use of “mission to Moscow” serves a dual-use purpose today: while it isn’t clear whether there was Russian involvement in the ransomware attack on the Colonial Pipeline, we lean on Lucretia’s cyber-expertise to unpack the scene, as well as speculate about some deterrent measures that might be considered. Steve likes reviving the use of letters of marque and reprisal, which are explicitly authorized in the Constitution. Lucretia says everyone should change their passwords—now!
From there Steve shares a few more observations on his recent visit to New Saint Andrews College in Moscow, Idaho, a small town that in some respects resembles the other Moscow more than it ought to.
Finally, we update our “magic numbers” (who shot Ashli Babbitt, and how long Kamala, how long?), before turning to the startling New York Times article on how Biden is conducting his presidency. Despite the Times‘ sympathy for Biden, they can’t disguise the obvious fact that he needs a lot of propping up by his staff to make decisions. communicate with foreign leaders, and any public appearances. It does not inspire confidence.
Subscribe to Power Line in Apple Podcasts (and leave a 5-star review, please!), or by RSS feed. For all our podcasts in one place, subscribe to the Ricochet Audio Network Superfeed in Apple Podcasts or by RSS feed.
I found the discussion about the Colonial Pipeline ransomware attack to be lacking. And it’s partly because not enough information about it has been released.
But some points I take issue with. First, to say that Colonial Pipeline won’t reveal anything about the attack and how it happened is wrong. They are a highly regulated and the government’s cybersecurity experts are probably all over this. Electric utilities are the only U.S. industry that are audited by federal regulators on their cybersecurity practices, and fined for violations.
Because pipeline companies, like electric utilities, are also regulated by the Federal Energy Regulatory Commission, I suspect that a similar compliance program is on its way for pipeline companies, especially those that cross state lines like Colonial. It will take a year or two, but not as long as it did for electric utilities because they have a framework to work from.
I expect that there will be a lessons learned report out as well after the problems have been fixed, if for no other reason that the government will demand it.
Lucretia made some sweeping statements like, even if your network is totally closed, it’s still susceptible to ransomware attacks. Well no, not really. The point is, I guarantee that their control systems network wasn’t closed, especially if the point of entry of their attack was a Phishing email. And if it was, then they are bordering on criminal negligence.
There are other points of entry for such an attack. I’m sure that the FBI is investigating the possibility that they had someone on the inside who helped, and if Colonial’s security practices were fairly good, then going that route is probably the most cost effective.
If what has been released is true, that this is a non-state actor acting alone, then probably they found an egregious weakness in Colonial’s network infrastructure.
Lucretia’s assessment that the future holds with cybersecurity disasters is probably wrong. Likely there will be incidents like Colonial’s which are resolved quickly, and that will mean there will be enough warning to deal with them.
I don’t feel that things are that bad.
Party like its 1976! Inflation, Gas lines, Race Riots… Next disaster will be disco will be making a come back!
I always love your thoughtful and educational discussions and am a big fan of Lucretia. Today, however, it seems Lucretia barely let Steve get a word in. She is essential to making this podcast entertaining as well as informative, so forgive me for being critical of her, but Steve’s point of view needs to be heard also.
I think she could have used more voices in the chorus – to be more in line with the original performance. She also has a killer version of the Beatles “Come Together” – but the video for that is quite spicy. But she’s a very talented singer – you’d never know it, from her performance, but English isnt her first language – she’s Ukrainian.
Reboots seem to be all Hollywood does these days. Grease is getting a spin off tv series – so why not Staying Alive.
Well, I’m no expert in this field, but my favorite Wall Street Journal columnist (Holman Jenkins) says pretty much the same thing as our Lucretia: https://www.wsj.com/articles/russias-hackers-unwisely-mess-with-u-s-gas-prices-11621028147
Don’t worry. I’ll get even with her!
I have a high regard for Holman Jenkins’s column, and follow it closely. Jenkins mentions the Solarwinds hack as an example being “scantily informed.” That phrasing is a bit subjective.
This link goes to the latest official Solarwinds investigative results published on May 7th. It’s long. But here’s what they say on how they think they were hacked:
Are they hiding anything? Maybe. Does that constitute being “scantily informed?” It’s a matter of opinion.
The Solarwinds hack and the Colonial Pipeline hack are fundamentally different scenarios. With Solarwinds, the hackers affected the software updates that Solarwinds provided customers.
With the Colonial Pipeline attack, hackers gained access to their network and possibly gained access to Colonial’s control system.
Here are some questions I have, that I figure will eventually be answered, even if through information leaks.
If you were to have a more robust discussion of the Colonial Pipeline incident, those are some of the things I would have included.
I like the Letters of Marque idea for computer attackers. Jonah Goldberg first brought it to my attention years ago and at least on the surface makes sense.