Frank Kendall,
Secretary,
US Air Force
Defense Officials Concerned Over Military’s Cyber Vulnerability Following Colonial Pipeline Hack
Top defense officials have raised concerns about the vulnerability of military networks and infrastructure to cyberattacks months after the ransomware attack on Colonial Pipeline.
The May cyberattack, which was linked to a Russian criminal group, forced the pipeline operator to temporarily shut down operations for more than a week, disrupting gas supplies and raising fuel prices. Colonial Pipeline was reported to have shelled out $5 million in ransom money.
Air Force Secretary Frank Kendall described the incident as “just the tip of the iceberg” and acknowledged that competitors may be able to steal or manipulate critical data to disrupt the country’s military operations, Breaking Defense reported.
“Our adversaries can be assumed to be able to disrupt our networks right now, because we have not sufficiently guarded against an attack,” Kendall, a past Potomac Officers Club speaker and three-time Wash100 winner, said at the recent National Defense Transportation Association conference.
He was particularly worried about potential disruptions to the Department of Defense’s supply chain, which he believes would have devastating consequences during wartime.
Air Force Gen. Jacqueline Van Ovost, who heads the Air Mobility Command, shared Kendall’s sentiments and pointed to the Colonial Pipeline hack as an example of the “growing threat” of cyberattacks.
Lawmakers and federal agencies have been on the move since the cybersecurity incident.
The Transportation Security Agency has released cybersecurity rules requiring pipeline companies to report confirmed and potential cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency, such as unauthorized system access, malicious software detection, denial-of-service attacks and physical attacks on network infrastructure.
Sens. Gary Peters and Rob Portman have also introduced legislation that would mandate critical infrastructure operators to report internal cyber breaches to the Cybersecurity and Infrastructure Security Agency within the first 72 hours of detection.
Category: Speaker News