The successful cyberattack on the Colonial Pipeline underscores the vulnerability of our critical infrastructure.
Most probably, the pipeline was as well protected from cyberattack as it could have been. Nevertheless, the current state-of-the-art still favors the attacker over the defender. Even the most conscientious CISO is inherently exposed because of the built-in vulnerability that resides in public key infrastructure (PKI).
PKI is widely used as a front line of defense but cannot be corrected to protect critical assets. Designed in the 1970’s, PKI was never intended for tasks it is used for today. PKI is a primary point of attack and the most common point of leverage in over 80% of all breaches. None of the efforts to-date to mitigate this vulnerability have had any meaningful effect.
It’s time to come to grips with the hard reality that PKI must be abandoned and replaced, not simply patched—only to await the next slew of attacks.
There is simply no other way.