At a Senate Homeland Security Committee hearing Tuesday on last month's Colonial Pipeline ransomware attack, Sen Josh Hawley (R-Mo.) grilled Colonial CEO Joseph Blount on his company's digital security practices — and whether an analog alternative still exists.
"There was a time, I assume, when you operated the pipeline without today's computer system," Hawley said. "Do you have the capability to manually operate the pipeline in the future in the event of an IT attack like this one?"
Blount answered with a much-qualified "yes": "We actually did operate small portions of the pipeline manually in order to alleviate some of the fuel shortage," he told Hawley, and on a "go-forward basis, there's no question that we will look at that capability." But, Blount added, the institutional knowledge of manual operation in this and similar utility systems is literally dying off. Many workers who once "operate[d] Colonial Pipeline and other infrastructure in America, historically, manually, they're retiring or they're gone," he said. (Watch their exchange in full via C-SPAN, beginning around the 1:18 mark.)
This raises a largely overlooked point regarding digital threats foreign and domestic: We probably need analog options, because Washington is failing to keep crucial systems safe.
Cybersecurity will only become more important, but our government isn't prioritizing defense. "Across the federal government," Reuters reported in 2017, "about 90 percent of all spending on cyber programs is dedicated to offensive efforts, including penetrating the computer systems of adversaries, listening to communications, and developing the means to disable or degrade infrastructure."
This is an enormous mistake. Our focus should be hardening U.S. digital targets against attack, not attacking other nations. That's particularly true of major weapons systems and life-sustaining infrastructure, including fuel pipelines like this one, as well as local water, waste, and power utilities, plus nuclear plants, dams, some transportation systems, maybe even food distribution.
And if we can't get our act together on digital defense, then Hawley (and former President Donald Trump, as my colleague Joel Mathis pointed out on Twitter) is right: We need to move back toward analog, or at least keep it in good working order as a backup plan for crises. That doesn't mean zero computers, of course, but it might entail something like an air-gapped system, which is physically incapable of internet connection and therefore much more difficult to hack. There would be inconveniences to such a shift, but we can't have nice things if we can't keep them from getting broken.