May 16, 2021

Nick Merrill on the Colonial Pipeline Cyberattack

From CNN Business

Colonial Pipeline attack: A 'wake up call' about the threat of ransomware

By Clare Duffy

A relatively unsophisticated ransomware attack that caused a days-long shutdown of America's largest fuel pipeline last week — resulting in gas shortages, spiking prices and consumer panic — is exactly the sort of situation that cybersecurity experts have warned about for years.

And it could have been worse, said Nick Merrill, a researcher with the Center for Long-Term Cybersecurity at the UC Berkeley School of Information.

"The first thing that comes to my mind is: Thank God this wasn't water," Merrill said. "Unfortunately, it doesn't surprise me that this happened."

Other aging, critical utilities potentially at risk include electrical systems and nuclear power plants, Merrill said. And it's not just physical infrastructure: the hack of tools such as point-of-sale software commonly used by small businesses could wreak havoc on the economy.

Read more...

Nick Merrill is an I School alumnus (Ph.D. 2018) and lecturer, and research fellow at the UC Berkeley Center for Long-Term Cybersecurity.

Last updated: June 21, 2021