Colonial Pipeline Attack: Getting to the Root Cause
A recent article provides an excellent analysis of the Colonial Pipeline ransomware attack. Underlying that analysis is the premise that, absent the use of public-key infrastructure (PKI), none of these attacks would have happened. More worrisome is that virtually every recently breached entity (and virtually every enterprise worldwide) uses PKI as the backbone of its cybersecurity system.
The asymmetric key infrastructure in PKI has become the primary vulnerability in our cybersecurity threat surface. It is the first point of penetration in most successful attacks. This infrastructure has essential components that we are incapable of protecting to the degree required and that have become easy to exploit.
Chief among these is the private key, which we must protect, store and keep secret. If an attacker acquires this key, they gain access to our networks. Not only are these keys stored, but they are typically long-lived. Workarounds such as multifactor authentication and out-of-band authentication are a recognition of this weakness, but they are limited and do not work well when tens or hundreds of thousands of endpoints are in constant need of authentication.
PKI originated in 1974 and became the foundation of the RSA Corporation. The patents and the efficacy of the concept for securing a network have both long since expired. At the time of PKI’s creation, there was no Internet, there were no cell phones, and there was no need for cybersecurity.
The use to which PKI is being put today was not and could not be envisioned at the time of its creation.
PKI has become a double-edged sword with the sharper edge being wielded by the attackers. Until it is removed and replaced, the attackers will continue to dominate the cyber landscape.