How Vulnerable Is Critical Infrastructure?Research Analyst Richard Stiennon Discusses Implications of Colonial Pipeline Attack
The recent Colonial Pipeline ransomware attack illustrates the vulnerability of the nation's critical infrastructure, says Richard Stiennon, a research analyst and the author of "Security Yearbook 2021: A History and Directory of the IT Security Industry."
"A targeted attacker who was at least as knowledgeable as the NSA [National Security Agency] could figure out what's needed to be done to cause tremendous havoc," Stiennon says. "A pipeline is one thing; a power station, the signals for trains, the air traffic control system - everything that makes our lives move smoothly is connected to control systems, which are run by essentially mini computers that are completely vulnerable.”
In a CyberTheory interview conducted by Information Security Media Group, Stiennon discusses:
- The vulnerability of U.S. critical infrastructure;
- The possible motivations behind the attack;
- How we should respond to our adversaries.
Stiennon is the chief research analyst for IT-Harvest, a firm he founded in 2005 to study the more than 2,600 vendors in the IT security industry. He formerly held leadership positions at PricewaterhouseCoopers, Webroot and Fortinet. He also was a research vice president at Gartner's IT security research practice and held various CMO and CSO roles.