Pipeline Attack: 'Time for a Disproportionate Response'Philip Reitinger of Global Cyber Alliance on Responding to Latest Ransomware Incident
It’s serious, impactful and raises new questions about critical infrastructure protection. But don’t tell Philip Reitinger of the Global Cyber Alliance that the Colonial Pipeline ransomware attack is any kind of a “wake-up call.” He says we’re long past that.
These type of attacks have been common since 1997, Reitinger says, so “if anybody is surprised, you’re just not paying attention.”
The potential economic impact of a long-term shutdown is concerning, but what Reitinger fears the most from the Colonial Pipeline attack is copycat strikes.
“It’s now clear that this sort of disruption can be significant,” he says. “While I’m sure the most sophisticated actors were thinking about it, are individual people, or smaller groups - terrorist or criminal groups - now thinking, ‘Hey, this is a way that we can make a name for ourselves'?"
Reitinger also believes the attack is serious enough to require a disproportionate response.
“These sorts of attacks that could have national economic consequences absolutely call for … an overreaction on behalf of government,” Reitinger says. “It’s time for a disproportionate response.”
In this video interview, Reitinger discusses:
- Why this attack rates a 3 on a scale of 1-5;
- Questions that all enterprises need to be answering;
- How the U.S. should respond to such an attack on critical infrastructure.
Reitinger is president and CEO of the Global Cyber Alliance, a nonprofit organization focused on eradicating systemic cybersecurity risks. He also serves on the advisory boards of several companies and mentors startups and is a senior associate (nonresident) at the Center for Strategic and International Studies. He formerly held senior cybersecurity positions at VisionSpear LLC, Sony and Microsoft. In addition, Reitinger in 2009 was appointed as the deputy undersecretary for the national protection and programs directorate at the Department of Homeland Security. He also served as the first executive director of the Department of Defense's cybercrime center and as deputy chief of the computer crime and intellectual property section at the Department of Justice.