Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:
What did the DarkSide incident targeting Colonial Pipeline reveal about ransomware and the vulnerability of critical infrastructure?
Well, basically everything you need to know. The type of impact debilitating infrastructure through a ransomware or other method of cyberattack has been warned about for years. The risk of exploitation of vulnerabilities in software with enormous ripple effects became very tangible with the attack on Colonial Pipelines. But remember that energy infrastructure in the US already enjoys the highest protections, and still the attackers managed to perpetrate.
How can companies and governments catch up on cyber defense?
Now, it's critical that there is a mapping of an entire ecosystem, whether that is a company network or an entire country's architecture. Is it clear who is responsible for protecting which parts and how does information flow in case of emergency? I worry about the overreliance on software companies, which, as illustrated by the SolarWinds exchange server and now Colonial hacks are not strong enough. Connectivity brings new and often invisible vulnerabilities that must be addressed with more resilient protections and with more insights to public and Democratic leaders.