
Saturday 22 May 2021

FT Exposes the “Dirty Secrets” on Infrastructure Cybersecurity

By Day Keeps the Free Market Working
By Night Redeems Children's Teeth for Cash

In this weekend’s FT Myles McCormick and Hannah Murphy wrote: “Pipeline ransom attack exposes vulnerability of American infrastructure to cyber threats”

At first glance this seemed to be a “Sun rises in the East, sets in the West” article, as the vulnerability of American infrastructure to cyber threats has been repeatedly “exposed”.

The Colonial Pipeline incident is not the first cyberattack rodeo in the USA as the authors note:

Since 2019, US critical infrastructure targets have suffered about 700 ransomware attacks, including 100 this year, according to data from Temple University in Philadelphia.

As I read on, it seemed that the article more properly exposed two key reasons why incidents like these occur and, thus, why infrastructure is insecure.

Key reasons outlined below in bold. Quotes from the article in the list below each “point”.

Woefully and Criminally Unprepared

  1. Just a quarter of companies in traditional infrastructure businesses, including oil and gas, utilities and healthcare, were properly braced for an attack, estimated Matias Katz, chief executive of the cyber security group Byos.

  2. The oil and gas sector has been criticised for lax cyber security regulation.

Governments bear responsibility for being asleep at the switch on regulation.

Though as Milton Friedman would tell you, if he could, there is no need for government regulation as the “Free” Market solves problems like this all on its own.

It’s all about the Benjamins.

  1. But reconfiguring traditional security systems to account for the ever-changing nature of cyber threats is costly.

  2. Pipeline infrastructure is largely operated by private capital, so there is often a drive to cut costs where possible.

Or, in small words, private companies avoid spending the money. 

As evidenced in the first point above, an estimated 75% of infrastructure operators. 

So it’s not the case of a few cases proving the rule about the magical prowess of the “Free” Market correct.  

But rather the overwhelming majority proving Dr. Friedman "dead" wrong.

Two further thoughts.

When the going gets tough, our national rough and tumble highly competitive private companies go running to Uncle Sugar for a handout.

  1. You know them. They’re the guys who complain about welfare and how $300 a week unemployment benefits “sap the willingness of the precariat to work”.

  2. While extolling how the “free” market delivers the best solutions to problems.

  3. Now I’m not averse to giving aid to those who are truly struggling.

  4. Colonial Pipeline’s 2018 FYE audited report shows net profit of some US$470 million on total revenues of US$1,397 million (a very nice 33.7% net margin) and interim financials for 1Q2019 US$137 million in net profit (36% net margin).

  5. It’s not possible to calculate a return on equity as CP has negative equity. Perhaps, due in part to a generous dividend program coupled with an earlier decapitalization (Treasury stock purchases in prior years). CP paid US$670 million dividends in 2018!

  6. In light of those statistics, I think Uncle Sugar shouldn’t give them more than $299 a week lest we encourage them to slack off.

  7. As you’ll note from the dearth of public information on its financials after 1Q19, CP is pretty good with keeping their financial information secure. So it’s pretty clear where their security focus is.

As to the problem being “old operational technology systems, some of which predate the internet,” having “outdated security and being difficult to upgrade”.

  1. Old operational systems which predate the internet probably aren’t connected to the internet.

  2. Thus, they would seem less likely to be vulnerable to hacking and capture unless miscreants were on the premises to infiltrate PLCs.

  3. Analogy: If you only send snail mail, it’s unlikely that hackers are reading your correspondence.

  4. In some cases if your “internet” technology or programs are “old” enough, they may be extremely difficult to hack/capture.

This is not intended as a recommendation for a Luddite return to manual or outdated systems. But rather as a counter to the “old systems” defense.

It is, to repeat myself, “all about the Benjamins”.

It is a "tried and true" method to motivate folks who focus on money by "threatening" them with large fines and loss of their license to conduct business.