Colonial Pipeline faces nearly $1m fine one year after ransomware attack

Colonial Pipeline is facing an almost $1 million fine for control room management failures after the US Department of Transportation alleged they contributed to the nation's fuel disruption in the wake of the 2021 ransomware attack. On Thursday, the department's Pipeline and Hazardous Materials Safety Administration issued a …

  1. Binraider Silver badge

    The fine here is surely just symbolic. The cost of the downtime would have been many times greater than the fine. If Risk = Probability * Consequences, and the probability is measured in the one-in-thousands generally, this does not incentivise action almost irrespective of the consequences.

    Whether that probability is accurate is a whole other question; and hard to forward forecast.

    Speaking as someone that does this sort of assessment for a living, being pessimistic has kept the various orgs I've worked for reasonably successful. Include big fines and/or reputational damage in the consequences and your answer changes...

  2. DS999 Silver badge

    That'll teach them

    A $1 million fine for a company that generated over $400 million in profits to their owners each of the last two years. The fine should at least be higher than the $5 million ransomware payment and unknown amount of lost profits, but even then if the total is less than the cost of taking cyber security seriously they won't change their practices and will remain vulnerable to another attack.

    If instead of a fine they were restricted in their ability to win approval for new sections of pipeline, had to perform inspections more often, etc. as the price, they might change their ways. The one thing companies like that fear is increased regulatory oversight. Promise them that when they can pass an independent third party security review those measures would be lifted.

  3. Lon24

    Sorry, I didn't get that.

    I presume the simple way to win the race against the legitimate DNS responder is to get a friend to DDOS it at the same time. Or just a modest attack to slow it down for a few seconds so no one noticed or was alarmed by it.

  4. Gene Cash Silver badge

    Colonial Pipeline

    People putting very large amounts of gasoline into plastic bags in the back of their cars was the best part.

    I'm still amazed at the lack of subsequent "car explodes into huge fireball" stories.

    1. Richard 12 Silver badge

      Re: Colonial Pipeline

      Turns out that reality isn't the same as Hollywood.

      Plastic bags filled with petrol only do the fireball thing if you burst them with pyrotechnics. Otherwise you just get the normal fires and life-changing injuries.

      1. SImon Hobson Bronze badge
        Mushroom

        Re: Colonial Pipeline

        See Flame fougasse

        Icon? Well, you really don't want to be anywhere near one when it goes off.

        1. Claptrap314 Silver badge

          Re: Colonial Pipeline

          I THINK you're providing an example of what he just described.

          But if you are suggesting he is wrong, I raise you air-fuel bomb--except of course, neither of these proves him wrong.

          1. SImon Hobson Bronze badge
            Facepalm

            Re: Colonial Pipeline

            Yes indeed, I was doing so - reference to a good read on how such things work.

            F-A bomb, different animal, and I'd want to be in the firing line of one of them even less (if that's possible).

            For good measure, there's also BLEVE events, which more or less make a flame fougasse without needing the explosives (and without providing any sort of finesse over timing).

            Hmm, now I'm finding this level of knowledge to be ... slightly worrying
