Case Study
Colonial Pipeline Ransomware Attack
A Cybersecurity Social Science Perspective
Student Name: Khabir Abdul-Quddus
School of Cybersecurity, Old Dominion University
CYSE 201S: Cybersecurity and the Social Sciences
Instructor Name: Diwakar Yalpi
Due Date: 4/22/26
Introduction
A ransomware attack hit the Colonial Pipeline in 2021, and it was not just a technical issue but also a matter of human interaction and social factors. The Colonial Pipeline, one of the major suppliers of fuel in the United States to date, was hacked and forced to close after a single password leak. Joseph Blount, the Colonial Pipeline CEO, understood the situation and had to decide whether to meet the attackers’ ransom demands or not negotiate at all (Gawazah, 2024). The breach exposed a lot of vulnerabilities, on the technical side as well as in the human interaction and societal situations surrounding critical infrastructure.
Analysis
From a sociological perspective, this was a failure of public behavior and a lack of security training practices. From an economic perspective, these pipelines supply around 5,000 of fuel towards the United States east coast. Airports, construction, and even gas stations use the fuel from the Colonial Pipeline, so when it was shut down a lot of industries suffered because of it. Joseph Blount paid about $4.4 million to the attackers just to regain access to the pipelines (Kelly et al., 2021). Lastly, from a psychological perspective, the threat of ransomware can be traced to human negligence in the form of bad password management. The pipeline's employees could have lacked the awareness to see any issues with incoming threats. Attackers can more easily take advantage of human behavior by manipulating trust than by breaking unknown and complex technology.
Solutions
Solutions to help alleviate any more incoming threats would be the use of an internal review system and secured user authentication (Beerman et al., 2023). A secured user authentication system could help mitigate a threat simply by not letting a user gain access to anything important they are not supposed to be using. Multi-step authentication combines a password with a code sent to the user in charge so they can verify the authenticity. This solution will help keep private information from cyber threats at both the physical and system levels. An internal review system could prevent an inactive VPN from being used, for example to gain access to the fuel pipelines. If the VPN had been checked for inactive status, then hackers wouldn’t have had access in the first place.
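As an added illustration (not part of the original paper or its cited sources), the internal review described above could be a periodic audit that flags VPN access that is inactive or lacks a second authentication step. Modeling VPN access as per-user accounts, the record fields, the sample data and the 90-day idle threshold are all assumptions constructed for this example.

```python
from datetime import date

# Constructed sample inventory; the field names are assumptions for this example.
ACCOUNTS = [
    {"user": "ops-alice", "last_login": date(2026, 4, 10), "mfa": True, "enabled": True},
    {"user": "legacy-vpn", "last_login": date(2025, 9, 2), "mfa": False, "enabled": True},
    {"user": "contractor-bob", "last_login": None, "mfa": True, "enabled": True},
    {"user": "eng-carol", "last_login": date(2026, 4, 1), "mfa": False, "enabled": True},
    {"user": "old-dave", "last_login": date(2024, 1, 5), "mfa": False, "enabled": False},
]


def audit_vpn_accounts(accounts, today, max_idle_days=90):
    """Return {user: [findings]} for enabled accounts that need review."""
    findings = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled, nothing left to exploit
        issues = []
        last = acct["last_login"]
        if last is None:
            issues.append("never used")
        elif (today - last).days > max_idle_days:
            issues.append(f"inactive {(today - last).days} days")
        if not acct["mfa"]:
            issues.append("no MFA")  # password alone grants access
        if issues:
            findings[acct["user"]] = issues
    return findings


def accounts_to_disable(findings):
    """Idle or never-used accounts get disabled; MFA-only gaps get enrolled instead."""
    return sorted(
        user for user, issues in findings.items()
        if any(i == "never used" or i.startswith("inactive") for i in issues)
    )


if __name__ == "__main__":
    report = audit_vpn_accounts(ACCOUNTS, today=date(2026, 4, 22))
    for user, issues in report.items():
        print(f"{user}: {', '.join(issues)}")
    print("disable:", accounts_to_disable(report))
```

An account that is both idle and password-only, like the constructed `legacy-vpn` entry, is the combination the paragraph above warns about and should be the first one disabled.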
Reflection
This case study taught people that cybersecurity is an important factor in how our systems function in our everyday lives, but it is not solved by the systems themselves. Human behavior and cultural norms are also factors and can be the bigger cause of a good or bad outcome. I learned that understanding social science properties like economics, sociology, and psychology can help greatly with how we go about learning both offense and defense with our technology security today. If human training through simulations about strong passwords or even basic system security procedures can help mitigate threats, then we can definitely improve the cybersecurity environment as well as the security for people around the world.
Conclusion
The Colonial Pipeline has learned from this experience, and the attack was an alarm to many companies about tightening security. Cybersecurity advances every year, and it is not just about how we reduce the risk of a threat, but about how we respond to that threat. Technical issues aren’t the only factor; human interaction as well as cultural norms play a part in the results. Hackers get creative, and it is up to cybersecurity specialists to respond and patch up vulnerabilities that may be unprotected. Organizations need to invest not only in productivity but also in network security to help reduce any signs of threats.
References
Beerman, J., Berent, D., Falter, Z., & Bhunia, S. (2023, May 1). A Review of Colonial Pipeline Ransomware Attack. IEEE Xplore. https://doi.org/10.1109/CCGridW59191.2023.00017
Gawazah, L. (2024). To Pay or Not to Pay: The US Colonial Pipeline Ransomware Attack. https://www.researchgate.net/profile/Lazarus-Gawazah/publication/383206534_To_Pay_or_Not_to_Pay-_The_US_Colonial_Pipeline_Ransomware_Attack/links/66c1b6bf8d007355925dd805/To-Pay-or-Not-to-Pay-The-US-Colonial-Pipeline-Ransomware-Attack.pdf
Kelly, M. L., Fuller, J., & Kenin, J. (2021, June 3). The Colonial Pipeline CEO Explains The Decision To Pay Hackers A $4.4 Million Ransom. NPR.org. https://www.npr.org/2021/06/03/1003020300/colonial-pipeline-ceo-explains-the-decision-to-pay-hackers-4-4-million-ransom