Aperture Podcast: Adm. Mike Rogers on Ransomware and OT
By Michael Mimoso | June 28, 2021
The pain of ransomware in 2021 has been acute for industrial enterprises such as Colonial Pipeline and JBS Food, both of which were hit by these extortion attacks to the point where critical distribution and delivery of fuel and food were disrupted.
These attacks have resurfaced a number of debates between security experts and those on the front lines of these businesses, among them which defensive strategies to adopt and whether to pay ransom demands in order to promptly resume production. The U.S. government has also injected itself into the conversation, with several cybersecurity-related actions meant to improve information sharing between the private sector and government and funnel much-needed money and intelligence to underfunded security organizations managing operational technology (OT).
In this episode of Claroty’s Aperture podcast, retired Adm. Mike Rogers, former director of the National Security Agency and commander of U.S. Cyber Command, lends his experience to help unpack these complicated discussions.
Rogers shares insights from his decades of military and command experience, aimed at decision makers, including those in the private sector who manage critical infrastructure that impacts not only public safety, but also national security.
Colonial Pipeline’s decision, for example, to shut down operations out of an abundance of caution following the May ransomware attack impacting its IT systems was noteworthy. Colonial controls a significant portion of fuel distribution for the East Coast of the U.S., including gasoline, home heating fuel and jet fuel, and made a unilateral decision to shut down distribution.
“As I look at that, I say ‘Hmm,’” Rogers said. “Think about the economic and national security implications of that. Are we as a nation comfortable with the idea that when it comes to critical infrastructure, companies are just going to unilaterally do what they want or feel is appropriate? They thought about it and clearly did what they thought was appropriate. I just think to myself, I’m not sure this is the best methodology, particularly in some areas where the economic impact or national security implications are so high.”
Other topics from the discussion include:
- The role of the U.S. government going forward with incidents of this magnitude
- The efficacy of the TSA Directive, the 100-day sprint to improve grid cybersecurity, and the cybersecurity executive order
- The debate over whether to pay ransoms or extortion demands
- The role of cyber-insurance and the need to dissuade enterprises from relying on insurance as a control mechanism
- The importance of building a resilient OT infrastructure, and what exactly that means