Colonial Pipeline Attack: The Pearl Harbor File

John McCumber

John McCumber is a cybersecurity executive, retired US Air Force officer, and former Cryptologic Fellow of the National Security Agency. In addition to his professional activities, John is a former Professorial Lecturer in Information Security at The George Washington University in Washington, DC and is currently a technical editor and columnist for Security Technology Executive magazine. John is the author of the textbook Assessing and Managing Security Risk in IT Systems: a Structured Methodology.

36 Responses

  1. Doctor Jay says:

    I know the concept of this, but I love the name “Pearl Harbor file”.

    And as you allude to, things don’t work much differently in the private sector as they do in government, as regards security, anyway.

    What people are asking themselves today is how many of those enhancements could they have bought for the 5 million bucks they are reported to have paid the hackers?

  2. Oscar Gordon says:

    I never called it a “Pearl Harbor file”, but yeah, I had a folder of such emails. My director was actually pretty good about approving such things, but she told me to keep that folder for the times she couldn’t approve things, or get approval, just as a professional CYA. Part of the reason I was hired for that role was that my predecessor was so bad and disorganized that the facilities were a constant mess of security holes and compromised machines.

    • Mike Schilling in reply to GeoffA says:

      [Experienced system managers and security experts] were expensive, and they appeared to be “wasted money” because, well-managed computers didn’t have many problems; they just worked and stayed up and things happened the way they were supposed to.

      I call this the “offensive lineman problem”: you only get noticed when you fail to block someone.

  3. “a patchwork of poorly connected and secured systems,”

    That is, business as usual for any organization that doesn’t take security seriously.

  4. veronica d says:

    “Can’t they just use blockchain?” (she says with a sly smile as she slips out of the room).

    • Kazzy in reply to veronica d says:

      Can you explain blockchain to someone who is real dumb with this stuff?

        • Kazzy in reply to Oscar Gordon says:

          I think I’m more confused!

          • Philip H in reply to Kazzy says:

            Me too. Plain language training for the cyber security folks is as much of a necessity as it is for us oceanography types.

          • Oscar Gordon in reply to Kazzy says:

            I think of blockchain like a ship’s log. In the Navy, a ship’s log is a legal document, thus it is immutable, it can be added to, but older information cannot be altered*. Whatever is written to the log stays in the log forever. Now with pen and paper, that’s pretty obvious, you’d have to do a lot of work to alter a paper log such that no one would notice it’s been altered. Digital files are a bit easier to modify.

            So digital files include hashes. A hash is just a number (alphanumeric) that is unique to the file. In the case of blockchain, it’s a cryptographic hash that uses information from the contents of the file and the system to generate the hash. The crypto algorithm that generates the hash decides what information is used to generate the hash, and often that algorithm will use stuff like time/date stamps, CPU serial number, etc., so it’s very unique. And the algorithm is one-way, which means you can generate the hash, but you can’t input the hash into the same algorithm and get back the information used to create it.

            Blockchain, being a log of transactions, computes a hash every time the log is added to, and it uses the previous hash as an input to the new hash, so if a previous hash changes, the next hash won’t match. Now, obviously, you need a way to verify the hash is accurate, and that is where the distributed, peer to peer nature of the blockchain comes into play.

            Blockchain is pretty much useless for a single user. You need a network of users to employ it. Because everybody on the network has access to the log, and a copy of it. If you add a transaction to the log, everybody else on the network looks at the transaction and the hash, and if they find it meets the criteria of a valid transaction, they update their copies. Thus if someone edits the log and creates an invalid hash, they have to also convince the rest of the network that the edit is legit. And that, my friend, is no small task.

            *Technically, you can change the log, by putting a single strike through the incorrect part (so it is still legible), add your initials, and appending the correct information. You cannot erase/delete things.
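
The hash-chaining and peer-checking idea described in the comment above, as an added example that is not part of the original thread. It assumes SHA-256 over the entry text plus the previous hash only, and a simple majority comparison of head hashes standing in for real network consensus; all function names and log lines are constructed for illustration.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # constructed stand-in "previous hash" for the first entry

def entry_hash(prev_hash, payload):
    # Each hash covers the entry text AND the previous entry's hash.
    blob = json.dumps({"prev": prev_hash, "payload": payload}, sort_keys=True)
    return hashlib.sha256(blob.encode()).hexdigest()

def append(log, payload):
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"prev": prev, "payload": payload, "hash": entry_hash(prev, payload)})

def first_bad_index(log):
    """Index of the first entry whose link or hash fails to verify, else None."""
    prev = GENESIS
    for i, e in enumerate(log):
        if e["prev"] != prev or e["hash"] != entry_hash(e["prev"], e["payload"]):
            return i
        prev = e["hash"]
    return None

def rehash_from(log, start):
    """Recompute every hash from `start` on, as an editor of old entries must."""
    prev = log[start - 1]["hash"] if start else GENESIS
    for e in log[start:]:
        e["prev"], e["hash"] = prev, entry_hash(prev, e["payload"])
        prev = e["hash"]

def peers_accept(candidate, peer_copies):
    """Simplified stand-in for consensus: a majority must share the head hash."""
    head = candidate[-1]["hash"]
    return sum(p[-1]["hash"] == head for p in peer_copies) > len(peer_copies) // 2

def demo():
    log = []
    for line in ["0800 underway", "1200 course 090", "1600 anchored"]:  # constructed
        append(log, line)
    peers = [copy.deepcopy(log) for _ in range(3)]
    edited = copy.deepcopy(log)
    edited[1]["payload"] = "1200 course 270"     # alter an old entry in one copy
    caught_at = first_bad_index(edited)          # chain check flags entry 1
    rehash_from(edited, 1)                       # editor repairs their own chain
    self_consistent = first_bad_index(edited) is None
    return caught_at, self_consistent, peers_accept(edited, peers), peers_accept(log, peers)

if __name__ == "__main__":
    print(demo())
```

The edited copy can be made internally consistent by rehashing, so the chain alone only shows tampering to someone holding an independent copy; the comparison against the peers' copies is what rejects it.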

            • I think of blockchain like a ship’s log. In the Navy, a ship’s log is a legal document, thus it is immutable, it can be added to, but older information cannot be altered*. Whatever is written to the log stays in the log forever. Now with pen and paper, that’s pretty obvious, you’d have to do a lot of work to alter a paper log such that no one would notice it’s been altered. Digital files are a bit easier to modify.

              Ah, like lab notebooks only more so. (Lab notebooks are not considered legal documents, but are often important in IP court cases.) Blockchain is showing up in some electronic lab notebooks (ELNs). One of the problems it’s supposed to solve is inadvertent modification, which has always been a problem in ELNs.

      • veronica d in reply to Kazzy says:

        To be clear, I was joking. Blockchain is not relevant to this event.

      • JS in reply to Kazzy says:

        Blockchain is someone’s cool idea desperately seeking an application. And which was seized upon by people who don’t understand what a ‘currency’ is, but are prone to some weird beliefs about it anyways. And so they used blockchain to create a speculative “currency” that has few of the features people want in a currency, and plenty of features people don’t.

        As to what it is — it’s basically a decentralized transaction setup. Everyone can check everyone else’s work, and basically “verify” transactions/changes/etc without referring to a central authority.

        Imagine if, instead of a bank ledger, every time you moved money into your bank account every member of the bank scrutinized the transaction, verified the incoming money was legit, the account was legit, the math was legit, and then once enough of them had “proved” that money really existed, really entered your account, and really changed your balance — everyone else just agreed and got an updated copy of your balance.

        All of this done using fun mathematical techniques designed to prevent people from lying about it, because if they lied the math wouldn’t work out.

        If this sounds like it would take a lot of time and energy to do something as simple as “my paycheck was deposited, what’s my new balance”, congratulations, that’s problem 1 with blockchain as a ‘currency’.

        • Oscar Gordon in reply to JS says:

          To be honest, the transactional nature of blockchain is very much like modern financial transactions. When I get paid, my employer doesn’t send over a stack of paper money to my bank, and the banks don’t actually ship each other stacks of money when transfers happen. It’s all just numbers and trust. We trust that my employer’s bank will debit the value of my paycheck from their account, and we trust that my bank will credit that amount to my account.

          Blockchain just deals with the trust question in a different way.

          • JS in reply to Oscar Gordon says:

            Not really. Your bank’s ledgers are centralized authorities, and they themselves have their own centralized authorities. And so they can do trusted transactions between themselves to keep their ledgers right.

            So yes Bank B gets a deposit and verifies that Bank A actually debited the money and sent it to Bank B, then finalizes the deposit. Both banks update their ledgers.

            Blockchain effectively polls every bank in the world, waits until a majority say “Oh yeah, we’re totally good with that” and then everyone updates their copies of the bank ledger at once. Which can take days.

            And what’s it get you? Well I mean you don’t have to trust the bank to keep an accurate ledger, and…that’s it.

            For days of processing time and enough power to cover Argentina.

            • Oscar Gordon in reply to JS says:

              Aside from the power question, I’m not seeing where we disagree? I wasn’t trying to suggest that blockchain is a better answer to the question of trust, only a different one.

              (The power/CPU time is for mining, not polling/updating)

              • JS in reply to Oscar Gordon says:

                Probably nowhere.

                But no, not just mining. (https://www.blockchain.com/charts/avg-confirmation-time)

                Running around 2.5k MINUTES. About a day and a half.

                Because “mining” a bitcoin is effectively mining the transaction log. Each transaction goes into a block, and there’s only so many that can go INTO a block, and then you can’t process any more transactions until that block is mined.

                Once that happens (it’s supposed to be about every 10 minutes), then a new set of transactions goes into the new block (once everyone has confirmed and authenticated the new block), and the process continues.

                And there is literally no way to speed it up, because the time to mine a block is fixed (specifically, even if you have faster hardware the problem being mined is simply made more complex to keep it to roughly ten minutes per block).

                If we all adopted bitcoin, it’d take WEEKS to process buying a friking Pepsi.

              • Oscar Gordon in reply to JS says:

                I get why PoW was used for BitCoin, but they really need to do something about that, it’s not sustainable.

                Median confirmation is about 7 minutes right now, so not terrible, but still kinda slow for currency. Visa manages to run my OJ purchase in less than 10 seconds.

                Anyway, blockchain as currency… I’m not certain it can’t work as one, but I’m also not awash with ideas as to how to overcome the problems that exist. I also don’t care enough to think that hard about it, I have other things I need to be concerned with.

              • JS in reply to Oscar Gordon says:

                I don’t think we really disagree.

                The average bitcoin transaction uses up about 700kwhs in electricity. That’s, whoo, a lot.

                Cryptocurrency isn’t sustainable in ANY form. It’s computationally inefficient by design. If you make it more efficient, the difficulty of the process is increased.

                It’s just a flat out stupid idea as a way to handle a currency. If you DON’T do that you either have a massively inflationary currency OR you give people no incentive to run the transactions, so you have no currency.

                Someone literally just had a nifty algorithmic idea, then someone else said “Let’s make a currency out of it” because they couldn’t figure out anything else to do, and certainly as “computer people” they were much smarter than “economists”, what do those morons know, and it turned into a tulip bubble if the tulips were imaginary but took the energy budget of Argentina to make.

                I mean after it was used to launder a lot of cash.

                I don’t think you can effectively make an “efficient” cryptocurrency. It trailing along its work log and distributed, multiple ledgers and all that is inherent in the process.

                I mean I guess you could ditch the coin entirely, use an efficient method, and just pay people to process the transactions, but then why not just rent a server farm and cut out the middle men? Oops, you’re back to being a bank again with a centralized ledger.

    • Oscar Gordon in reply to veronica d says:

      No, you get back here and suffer the hurled whiskey glasses like a big girl!

  5. Jaybird says:

    A very interesting thread:

    The part that has me speculating is this part:

    If it is US Law Enforcement behind it, the question then becomes “why in the hell aren’t you doing anything about other such bad actors?!?!?”

    So it’s in USG’s best interest to communicate that they can neither confirm nor deny that they did it.

    But if it’s not USG, then we’re as boned as we were yesterday and the big guys out there have learned an important lesson about keeping low profiles.

  6. Jaybird says:

    Holy crap!


  7. Rufus F. says:

    Oddly enough, I remember writing about the guy who took the blame for Pearl Harbor and why he was probably scapegoated, although I don’t remember much about the story now:
    https://ordinary-times.com/2016/11/02/book-review-a-matter-of-honor-harper-2016/

    My experience with management is their job requires them to think about many things at the same time and you’re lucky if you can keep them thinking about one thing. Last week, I noticed that our large student union building has a COVID checkpoint so that all traffic comes in and out through one door. Good idea. Very necessary. So, I asked the person who decided upon this:

    “Did you put signs on the other doors of this very large building? Because it seems like they have signs and they’re all locked….”

    “We did both! They’re locked and there are signs!”

    “Okay, well, I’m not a fire marshal, mind you, but….