Cyber Daily: Colonial Pipeline Missed Requested Security Review Before Hack

May 27, 2021 9:16 am ET | WSJ Pro

Hello. Officials from Colonial Pipeline and the TSA, which oversees the security of pipelines, have discussed a missed security review of the company last year in recent briefings with lawmakers, WSJ Pro’s David Uberti reports. It isn’t clear if the assessment would have made a difference when ransomware attackers hit Colonial this month.

Other news: Google and hospital chain to use patient records to build algorithms; WhatsApp pushes back on India’s new laws; Tesla’s data promise in China; and more. Join us on Wednesday: Our virtual WSJ Pro Cybersecurity Executive Forum features main-stage interviews, audience Q&A and peer breakout groups.

Cybersecurity Oversight

Colonial Pipeline Co. last year didn’t undergo a requested federal security review of its facilities and was in the process of scheduling a separate audit of its computer networks when hackers hit on May 7. It is unclear if an assessment by the Transportation Security Administration, which oversees pipeline security, would have uncovered digital weak points exploited in a hack that U.S. officials attributed to a criminal group known as DarkSide.

While electric utilities face federal cyber requirements, mandatory audits and potential seven-figure fines for violations, regulators have taken a hands-off approach to pipelines and allow companies to set many of the terms of their own oversight.

Officials from Colonial and the TSA have discussed last year’s missed security review in a series of briefings in recent weeks with the U.S. House Homeland Security Committee, according to people familiar with the matter. Read the full story.

More Cyber and Privacy News

Patient privacy: Google and hospital chain HCA Healthcare Inc. plan to develop healthcare algorithms using patient records. HCA, which runs about 2,000 locations in 21 states, would consolidate and store with Google data from digital health records and internet-connected medical devices under the multiyear agreement. (WSJ)

Google and HCA engineers aim to help improve operating efficiency, monitor patients and guide doctors’ decisions.

The companies say they do and will comply with the federal health-privacy law, known as the Health Insurance Portability and Accountability Act.

WhatsApp says it filed a lawsuit in India to prevent tracing of encrypted messages. The Facebook-owned messaging service, by far the largest in India, says new rules from India’s Ministry of Electronics and Information Technology violate Indian law because tracing individuals’ messages would violate their fundamental right to privacy.

The country is committed to ensuring the right of privacy to all its citizens but at the same time needs to have the means and necessary information to ensure public order and maintain national security, the ministry said. (WSJ)

Code red: The U.S. Coast Guard is building its own so-called red team, to perform penetration tests of its networks and systems. (Federal News Network)

Staying local: Tesla said all data generated from cars it sold in China will be stored in a new data center there. The move by the U.S. electric-car maker follows government and public scrutiny in China of its handling of potentially sensitive information about vehicle users, car performance and geographical data. (WSJ)


Average paid loss from insurers for a cyber claim in 2020, according to research from Fitch Ratings Inc.

That is up from £145,000 in 2019.

Copyright (C)2020 Dow Jones & Company, Inc.

All Rights Reserved.

