Colonial Pipeline Forked Over $4.4M to End Cyberattack – But Is Paying a Ransom Ever the Ethical Thing to Do?

It took a little over two hours for hackers to gain control of more than 100 gigabytes of information from Colonial Pipeline on May 7, 2021 – causing the firm to shut down its fuel distribution network and sparking widespread fears of a gasoline shortage. The decision to pay off the attackers was also made with apparent speed, but the ethical arguments involved are age-old and the implications could reverberate well into the future.


Cyberattacks, including those on critical infrastructure in the U.S., are nothing new. Ransomware, a type of malicious software that locks access to a computer until a ransom is paid, has been a component of the cyberthreat landscape since the mid-2000s. But the Colonial Pipeline breach raised the stakes and highlighted the ability of ransomware to interrupt the vital services on which Americans rely.


As scholars of cybersecurity policy, in particular critical infrastructure protection and ransomware, we think it important to consider the legal and ethical questions surrounding ransomware payments – just because paying off cyberattackers may be lawful in some contexts, that still doesn’t make it the morally correct thing to do.


To Pay or Not to Pay


It has been widely reported that the Colonial Pipeline CEO