Date: 2021-05-13

The intentional shutdown of the Colonial Pipeline on May 7 due to a cyber attack has hit home, with limited access to gasoline and diesel locally.
Gas stations locally that didn't completely run out of fuel were forced to put limits on how much a customer could pump following closure of the pipeline, which supplies gas and diesel from Texas to New Jersey.
The company shut down the line because of a cyber attack launched from another country. Investigators said hackers in Russia got into Colonial’s computer system and scrambled it up, then demanded ransom money to undo it.
The result of some keystrokes clicked thousands of miles away soon spilled into everyday life here — and it will probably, in some form, happen again, experts said. Such ransomware attacks are becoming more common. For hackers there is a buffet of vulnerable systems and not enough qualified people to protect them.
Recently, grad students from Charleston Southern University’s Department of Computer Science conducted a study, “Evaluation of Trust Worthiness of State and County Government Websites.” The yearlong study uncovered disturbing results.
“We created a benchmark to investigate the government websites all over the United States and we found that only a few state websites are secure enough based on our benchmark,” said Dr. Yu-ju Lin, director of graduate study in computer science at CSU, who co-authored the results.
The findings will be presented at an international cybersecurity conference in July.
To see if the government systems could be exploited, the study hunted for issues with legacy software — software or hardware that is outdated but still commonly used by industry and government. The work included putting together a program that was sent out to over 3,000 state and local government domains to determine whether those sites could be attacked.
“Only one state’s website security is getting a passing grade, the rest of them are all failing. That’s very terrible,” Lin said. “The rest of the government-owned websites are vulnerable to all kinds of legacy exploits. So if government websites are in this state, the general industry websites are the same.”
The study discovered problems that included outdated government software not using basic encryption and being authenticated or digitally certified by a foreign government. The paper concluded more federal assistance and more mandates are needed to get weak systems up to date.
“The industry and the government websites need to constantly monitor the state of their cybersecurity and their websites,” he said.
But who will do it? With a shortage of cybersecurity workers nationwide, thousands are needed to handle it all. Undergrads majoring in the field are highly sought after.
CSU has 38 students in the program, and Lin said one person recently was hired by the federal government before she graduated.
The biggest problem, Lin said, is there are not enough math and science students to feed the need and they aren’t ready for the so-called four steps when it comes to cyber protection: “Hedge, upgrade, close and kill.”
“Most of the people do not know how to carry out these four steps,” Lin said. “They need proper math, they also need to understand how a computer works, how programs work and how to write programs.”
Lin concluded, “If a company wants to protect their website and they are not hiring cybersecurity related students, they will have difficulties carrying out those four steps.”