"The Attack on Colonial Pipeline: What We've Learned & What We've Done Over the Past Two Years"
In 2021, a ransomware attack on Colonial Pipeline made news worldwide. Since then, the Biden-Harris Administration has taken significant steps in US cyber defense, leveraging the strength of the US government to address the full spectrum of the threat. The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) has made efforts to improve resilience across the nation's critical infrastructure. Recognizing the need for organizations to have easy access to actionable and timely cybersecurity information, CISA created a website resource to serve as a hub for warnings and guidance for businesses and individuals. As only cohesive cross-government collaboration can scale to meet the threat, CISA formed the Joint Ransomware Task Force (JRTF) with its FBI partners to coordinate the federal government's response to the ransomware outbreak. Due to the need to bring industry, government, and internal partners together and break down siloes that create gaps for the adversary, CISA established the Joint Cyber Defense Collaborative (JCDC). This concept stemmed from the US Cyberspace Solarium Commission, catalyzing a community of experts on the front lines of cyber defense, from across the public and private sectors, to share insights and information in real-time. This article continues to discuss lessons learned from the cyberattack on Colonial Pipeline and what CISA has done to help combat the ransomware threat.