Name: GoneFishin
Subject: Suggestion
Date: 5/12/2021 3:32:19 PM
I set the clock for 4:30 AM and set out to fill up my truck to avoid lines or no gas. 2 stations had bags over their nozzles and found a 7-11 with gas. Suggest you may want to consider the same until the pipeline is back up.

Name: MartiniMan
Subject: Suggestion
Date: 5/12/2021 4:28:26 PM
Seen the pictures of people with plastic garbage bags filled with gasoline? Wow! Fortunately in this case it is temporary but Colonial needs to be up and running soon or it will be a big problem. Wonder if they paid the ransom to get control of their computer systems? One thing we know for sure, there's a director of IT from a large pipeline company working on a resume.
Scary how vulnerable we are to computer attacks. Imagine an EMP.

Name: MrHodja
Subject: Suggestion
Date: 5/12/2021 10:50:13 PM
EMP is a horse of a different color but I would be willing to bet folks are starting to pay a lot more attention to backup strategies, contingency plans, and the like....all things we try to bake into our DoD customers' systems.
With system images stored safely off site and distributed backup plans, a company can basically say "screw you" to the ransom bubbas and rebuild their system from scratch (hopefully with the newly found knowledge of how the miscreants managed to capture their system).

Name: MartiniMan
Subject: Suggestion
Date: 5/13/2021 8:39:35 AM
I just saw a post and Colonial has a job opening for Manager of Cyber Security. I can pretty much guess their old manager is on the street looking for a job. That Colonial Pipeline part of his resume will not be helpful.

Name: MrHodja
Subject: Suggestion
Date: 5/13/2021 9:36:47 AM
I don't know the Colonial details, but what everyone needs to understand is that the cyber bubba must have support from the corporate boardroom, because cyber hardening is an expensive undertaking. If that support isn't there, the cyber person can yell and scream about what needs doing but their systems will remain vulnerable.

Name: GoneFishin
Subject: Suggestion
Date: 5/13/2021 2:10:43 PM
They paid $5 million in ransom...wonder how much hardening that would buy?

Name: MrHodja
Subject: Suggestion
Date: 5/13/2021 3:03:04 PM
Not as much as you might think. The wizards who can do that type of work (and I am not one of them) don't come cheap and it is not just a flip a switch here and another there type of effort.
That being said, that amount could surely reduce the likelihood of a successful attack.

Name: MartiniMan
Subject: Suggestion
Date: 5/13/2021 8:14:02 PM
Funny thing, when I read Goofy's post what immediately came to my mind was "not as much as you think" and there it was in your post. Understandably most people way underestimate how much companies spend on IT. My little $20M company spent a ton of money on IT and in particular security stuff. I would complain all the time to our IT director and he would say, pay me now or pay me later. I paid.

Name: MrHodja
Subject: Suggestion
Date: 5/13/2021 9:18:47 PM
You are wise to do so. Else you would risk being "penny wise and pound foolish". The DoD is in much better shape than previously, but the administrative burden compared to the incremental security gained using mandated in-place processes is way out of proportion. If we were to cut the administrative horse hockey and spend that money on penetration testing we would be much better off. But if we did I would be out of a job and have to retire....oh, darn :-).