Can the recent cybersecurity attack on the Colonial Pipeline really be considered a “wake up call” if breaches within our nation’s critical infrastructure are becoming a pattern? The Colonial Pipeline disruption was a direct result of the infrastructure’s lack of cyber preparedness, and while the hackers’ motive might have been ransom money, rather than destruction driven by pure cynicism, the vulnerability is equally as alarming. This major pipeline transports 45% of the east coast fuel supply with 5,500 miles of pipelines, and was forced to cease operations temporarily due to the attack. The country watched, shocked as the Colonial Pipeline released a statement that it had been a victim of a ransomware cybersecurity attack, yet this is not a new phenomenon in today’s modern world.
The Colonial Pipeline vulnerability proved to be more disruptive and potentially disastrous than many would have thought, but again, we have seen this type of cyber attack before. This is becoming a recurring theme in the security world. In February 2021, the water treatment plant in Oldsmar, Florida was tampered with creating chaos and a need to re-evaluate outdated and laxed security protocols. Research has shown that 54 percent of the 500 critical infrastructure suppliers surveyed by the Organization of American States had reported attempts to control systems, and 40 percent have experienced attempts at shut down systems. We know our infrastructure is susceptible to these attacks, and we see them occurring with more frequency.
It’s attacks like those against the Colonial Pipeline and water treatment plant in Oldsmar that have left many wondering, “What are the government’s next steps in protecting our critical infrastructure?” As bad as the Colonial Pipeline attack was, we can expect to face even bigger problems once quantum computing becomes a staple for nefarious actors. And The National Institute of Standards and Technology’s (NIST) time frame for deploying adequate protection against quantum threats isn’t promising.
NIST’s Plan: Is There Time to Wait?
When our vulnerability is exposed, it is natural to look back and review the systems. However, frequent attacks against critical infrastructure pose an immediate need to make changes to our systems now. NIST emphasizes a quantum security plan that isn’t very time-sensitive. The adoption of standards for Post Quantum Cryptography (PQC) is projected to debut by 2024, but NIST cautions organizations that another 5-15 years will be needed before a full cryptographic transition is completed. This timing is problematic on many fronts and presents a host of adoption challenges as outlined in our previous blog post here. How then can organizations, especially those in critical industries, better protect themselves from today’s threats and the cyber attacks of tomorrow?
How to Act Now: Quantum Xchange’s Proactive Approach
Long story short — there’s no time to wait. Our nation’s vital industries must prepare now for the quantum age with ultra-secure and quantum-safe key distribution. The Phio Trusted Xchange (TX) solution uses a separate, out-of-band key distribution architecture, over a quantum-safe network, to prevent an attacker from simply copying the data and the key that protects it from a single network connection. It’s the only quantum-safe key distribution system that provides true crypto agility — meaning it can support quantum keys from any source — and can be deployed within your organization’s existing network today. Learn more about how Quantum Xchange can help lead the charge in protecting our nation’s critical infrastructure with Phio TX.