THE OPENUNIVERSITY OF SRI LANKA

DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

BACHELOR OF SOFTWARE ENGINEERING PROGRAM

EEI5270/EEX5270– Information Security

Answers to this CS should be uploaded to the Moodle class drop box only.

(Answers should be clear, and readable. Use A4 paper. Unclear, unreadable, copied and direct
reproduction from the textbooks will not gain any points for the answers. Delayed submissions
will count minus marks.)

Case Study 01

The Colonial Pipeline Ransomware Attack stands as a stark reminder of the critical vulnerabilities faced by
modern organizations in the face of relentless cyber threats. This case study investigates into the events
surrounding one of the most impactful ransomware attacks in recent times, focusing on the Colonial
Pipeline Company—a major provider of fuel transportation in the United States.

Part 1:

1. Provide a brief overview of the Colonial Pipeline Ransomware Attack, including its background,
timeline, how the attackers gained control over Colonial Pipeline's systems and infrastructure and
the impact it had on the organization and beyond.
2.
2.1 Describe the immediate and long-term consequences of the attack on Colonial Pipeline's
operations, customers, and stakeholders.
2.2 Analyze the economic, environmental, and social implications of the pipeline shutdown.

3. Identify key lessons that organizations, both within the energy sector and beyond, can learn from
this incident.

Part 2:

1. Propose recommendations for organizations to enhance their cybersecurity posture and

preparedness against ransomware attacks.

2. Discuss the role of cybersecurity training, employee awareness, and technology investments in
preventing similar incidents.

Notes

 Case Study should be well written as a formal assignment and submitted as an assignment in due
date.
 Part 1 and Part 2 have to be clearly demarcated.
 Each question should be marked and the answers should be numbered.