This “mission to Moscow” is not to be confused with the infamous Joseph Davies 1941 book, Mission to Moscow, which Steve calls a “novel” at the opening of this episode, because its pro-Stalinist viewpoint was fiction indeed. Our use of “mission to Moscow” serves a dual-use purpose today: while it isn’t clear whether there was Russian involvement in the ransomware attack on the Colonial Pipeline, we lean on Lucretia’s cyber-expertise to unpack the scene, as well as speculate about some deterrent measures that might be considered. Steve likes reviving the use of letters of marque and reprisal, which are explicitly authorized in the Constitution. Lucretia says everyone should change their passwords—now!

From there Steve shares a few more observations on his recent visit to New Saint Andrews College in Moscow, Idaho, a small town that in some respects resembles the other Moscow more than it ought to.

Finally, we update our “magic numbers” (who shot Ashli Babbitt, and how long Kamala, how long?), before turning to the startling New York Times article on how Biden is conducting his presidency. Despite the Times‘ sympathy for Biden, they can’t disguise the obvious fact that he needs a lot of propping up by his staff to make decisions. communicate with foreign leaders, and any public appearances. It does not inspire confidence.

Subscribe to Power Line in Apple Podcasts (and leave a 5-star review, please!), or by RSS feed. For all our podcasts in one place, subscribe to the Ricochet Audio Network Superfeed in Apple Podcasts or by RSS feed.

There are 9 comments.

Become a member to join the conversation. Or sign in if you're already a member.
  1. Al Sparks Coolidge
    Al Sparks
    @AlSparks

    I found the discussion about the Colonial Pipeline ransomware attack to be lacking.  And it’s partly because not enough information about it has been released.

    But some points I take issue with.  First, to say that Colonial Pipeline won’t reveal anything about the attack and how it happened is wrong.  They are a highly regulated and the government’s cybersecurity experts are probably all over this.  Electric utilities are the only U.S. industry that are audited by federal regulators on their cybersecurity practices, and fined for violations.

    Because pipeline companies, like electric utilities, are also regulated by the Federal Energy Regulatory Commission, I suspect that a similar compliance program is on its way for pipeline companies, especially those that cross state lines like Colonial.  It will take a year or two, but not as long as it did for electric utilities because they have a framework to work from.

    I expect that there will be a lessons learned report out as well after the problems have been fixed, if for no other reason that the government will demand it.

    Lucretia made some sweeping statements like, even if your network is totally closed, it’s still susceptible to ransomware attacks.  Well no, not really.  The point is, I guarantee that their control systems network wasn’t closed, especially if the point of entry of their attack was a Phishing email.  And if it was, then they are bordering on criminal negligence.

    There are other points of entry for such an attack.  I’m sure that the FBI is investigating the possibility that they had someone on the inside who helped, and if Colonial’s security practices were fairly good, then going that route is probably the most cost effective.

    If what has been released is true, that this is a non-state actor acting alone, then probably they found an egregious weakness in Colonial’s network infrastructure.

    Lucretia’s assessment that the future holds with cybersecurity disasters is probably wrong.  Likely there will be incidents like Colonial’s which are resolved quickly, and that will mean there will be enough warning to deal with them.

    I don’t feel that things are that bad.

    • #1
  2. OccupantCDN Coolidge
    OccupantCDN
    @OccupantCDN

    Party like its 1976! Inflation, Gas lines, Race Riots… Next disaster will be disco will be making a come back!

     

     

    • #2
  3. Steven Hayward Podcaster
    Steven Hayward
    @StevenHayward

    OccupantCDN (View Comment): My goodness! An old-fashioned music video! Just like the good old days on MTV. (And much superior to the original I think.) Next: a reboot of the movie perhaps? 
     

     

    • #3
  4. Goldwaterwoman Thatcher
    Goldwaterwoman
    @goldwaterwoman

      I always love your thoughtful and educational discussions and am a big fan of Lucretia. Today, however, it seems Lucretia barely let Steve get a word in. She is essential to making this podcast entertaining as well as informative, so forgive me for being critical of her, but Steve’s point of view needs to  be heard also.

    • #4
  5. OccupantCDN Coolidge
    OccupantCDN
    @OccupantCDN

    Steven Hayward (View Comment):

    OccupantCDN (View Comment): My goodness! An old-fashioned music video! Just like the good old days on MTV. (And much superior to the original I think.) Next: a reboot of the movie perhaps?

     

    I think she could have used more voices in the chorus – to be more in line with the original performance. She also has a killer version of the Beatles “Come Together” – but the video for that is quite spicy. But she’s a very talented singer – you’d never know it, from her performance, but English isnt her first language – she’s Ukrainian.

    Reboots seem to be all Hollywood does these days. Grease is getting a spin off tv series – so why not Staying Alive.

    • #5
  6. Steven Hayward Podcaster
    Steven Hayward
    @StevenHayward

    Al Sparks (View Comment):

    I found the discussion about the Colonial Pipeline ransomware attack to be lacking. And it’s partly because not enough information about it has been released.

    But some points I take issue with. First, to say that Colonial Pipeline won’t reveal anything about the attack and how it happened is wrong. They are a highly regulated and the government’s cybersecurity experts are probably all over this. Electric utilities are the only U.S. industry that are audited by federal regulators on their cybersecurity practices, and fined for violations.

    Because pipeline companies, like electric utilities, are also regulated by the Federal Energy Regulatory Commission, I suspect that a similar compliance program is on its way for pipeline companies, especially those that cross state lines like Colonial. It will take a year or two, but not as long as it did for electric utilities because they have a framework to work from.

    I expect that there will be a lessons learned report out as well after the problems have been fixed, if for no other reason that the government will demand it.

    Lucretia made some sweeping statements like, even if your network is totally closed, it’s still susceptible to ransomware attacks. Well no, not really. The point is, I guarantee that their control systems network wasn’t closed, especially if the point of entry of their attack was a Phishing email. And if it was, then they are bordering on criminal negligence.

    There are other points of entry for such an attack. I’m sure that the FBI is investigating the possibility that they had someone on the inside who helped, and if Colonial’s security practices were fairly good, then going that route is probably the most cost effective.

    If what has been released is true, that this is a non-state actor acting alone, then probably they found an egregious weakness in Colonial’s network infrastructure.

    Lucretia’s assessment that the future holds with cybersecurity disasters is probably wrong. Likely there will be incidents like Colonial’s which are resolved quickly, and that will mean there will be enough warning to deal with them.

    I don’t feel that things are that bad.

    Well, I’m no expert in this field, but my favorite Wall Street Journal columnist (Holman Jenkins) says pretty much the same thing as our Lucretia: https://www.wsj.com/articles/russias-hackers-unwisely-mess-with-u-s-gas-prices-11621028147

    • #6
  7. Steven Hayward Podcaster
    Steven Hayward
    @StevenHayward

    Goldwaterwoman (View Comment):

    I always love your thoughtful and educational discussions and am a big fan of Lucretia. Today, however, it seems Lucretia barely let Steve get a word in. She is essential to making this podcast entertaining as well as informative, so forgive me for being critical of her, but Steve’s point of view needs to be heard also.

    Don’t worry. I’ll get even with her!

    • #7
  8. Al Sparks Coolidge
    Al Sparks
    @AlSparks

    Steven Hayward (View Comment):
    Well, I’m no expert in this field, but my favorite Wall Street Journal columnist (Holman Jenkins) says pretty much the same thing as our Lucretia: https://www.wsj.com/articles/russias-hackers-unwisely-mess-with-u-s-gas-prices-11621028147

    I have a high regard for Holman Jenkins’s column, and follow it closely.  Jenkins mentions the Solarwinds hack as an example being “scantily informed.”   That phrasing is a bit subjective.

    This link goes to the latest official Solarwinds investigative results published on May 7th.  It’s long.  But here’s what they say on how they think they were hacked:

    We narrowed it down to three most likely candidates for initial entry, but we don’t limit the methods to these three. This excludes the possibility the initial access was through a known, unpatched vulnerability:

    • Zero-day vulnerability in a third-party application or device;
    • Brute-force attack, such as a password spray attack; or
    • Social engineering, such as a targeted phishing attack.

    While we don’t know precisely when or how the threat actor first gained access to our environment, our investigations have uncovered evidence that the threat actor compromised credentials and conducted research and surveillance in furtherance of its objectives through persistent access to our software development environment and internal systems, including our Microsoft Office 365 environment, for at least nine months prior to initiating the test run in October 2019. Based on our learnings, while unfortunate, it’s not uncommon for threat actors to be in target environments for several months to years.

    Are they hiding anything?  Maybe.  Does that constitute being “scantily informed?”  It’s a matter of opinion.

    The Solarwinds hack and the Colonial Pipeline hack are fundamentally different scenarios.  With Solarwinds, the hackers affected the software updates that Solarwinds provided customers.

    With the Colonial Pipeline attack, hackers gained access to their network and possibly gained access to Colonial’s control system.

    Here are some questions I have, that I figure will eventually be answered, even if through information leaks.

    • How much access did those working from home have to the control system? Were they able to make changes to the system from home, or were they simply able to monitor it?
      • Related question: Could the monitoring system they had be turned into a control system?
    • Did Colonial have non-corporate desktop jump hosts that provided access to their control system network? (If not, this is where they would be vulnerable to Phishing; those one-off jump hosts should not be running email clients).
    • Why did Colonial pay the ransom? Was it because their control system got compromised, or was it limited to their corporate network, such as financials?  Was it still worth it to them to pay the ransom if it was limited to the corporate network?
    • They said they shut down their pipeline because they were being cautious which brings up this question:
      • How robust was their cybersecurity staff? If they had had more expert cybersecurity employees, would they have been able to make a more educated decision as to whether their control system had been compromised?

    If you were to have a more robust discussion of the Colonial Pipeline incident, those are some of the things I would have included.

     

    • #8
  9. Bishop Wash Member
    Bishop Wash
    @BishopWash

    I like the Letters of Marque idea for computer attackers. Jonah Goldberg first brought it to my attention years ago and at least on the surface makes sense.

    • #9
Become a member to join the conversation. Or sign in if you're already a member.