Let's start with the stupid: Yes, what they did, assuming the reports are accurate, was stupid.
You do not connect anything that has access to SCADA, that is, control systems, to the Internet. Period. I don't care how. I don't care why. I don't care what. You don't do it. End of discussion.
Oh, but that means the employees can't work from home! Correct.
Sit in office, work on machine, machine has zero external connectivity, no USB ports, or it instantly alarms if you plug something into one, etc.
Connections between facilities are encrypted over centrally-controlled infrastructure with regular audits. Nothing beyond the orbit of those devices connects to the sane and sanitary systems. Period, end of discussion, no exceptions.
Next, there are rumors that Colonial had a leak in their line and it was spewing fuel into the environment. It was allegedly supposed to be fixed by a given date. More than one million gallons of gas spewed out of it. Eight months later it was still not corrected. That was on April 19th of this year.
So what's going on here?
I get it. Things break. We rely on "things" for our daily lives. A certain amount of human error and trouble is expected. I'm ok with this; many are not, but I am because I like to have fuel in my car and groceries on the shelves, and without said technology, which comes with risk, we won't have those things.
There are people who think we can avoid all that. They're wrong.
But how many articles have I written over the last 13 years talking about cybersecurity and proper control over one's infrastructure when it comes to critical items? You know, like pipeline pressures, delivery quantities, etc? How is it that this sort of volume of gasoline managed to get out? Is there not a set of flow meters on the inlet and outlet, and do they not match? Are there not pressure transducers that detect a violation of the pipe's integrity? Is not the characterization of the flow known? The pipe is "X" length, the pressure is "Y", the flow is "Z" and we know what it's made of, so we should be able to reasonably compute what the frictional loss is over a given distance. Further, as should be obvious, if 1,000 gallons go in one end then exactly 1,000 gallons have to come out the other end, right? This isn't a damned garden spray-nozzle!
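The two checks described above (inlet and outlet meters that must match, and a modeled frictional pressure loss compared against the transducers) can be sketched as follows. This is an added example, not code from the original post or from any pipeline operator; the meter tolerance, window size, friction factor, fluid density and all sample readings are constructed assumptions.

```python
import math

def darcy_pressure_drop_pa(length_m, diameter_m, flow_m3s, density, friction_factor):
    """Expected frictional loss (Darcy-Weisbach) for a full, level pipe segment."""
    area = math.pi * diameter_m ** 2 / 4
    velocity = flow_m3s / area
    return friction_factor * (length_m / diameter_m) * density * velocity ** 2 / 2

def pressure_alarm(measured_drop_pa, expected_drop_pa, tolerance=0.10):
    """True when the transducer reading departs from the model by more than tolerance."""
    return abs(measured_drop_pa - expected_drop_pa) > tolerance * expected_drop_pa

def volume_imbalance_alarms(samples, meter_tolerance=0.005, window=4):
    """samples: (inlet_gal, outlet_gal) per metering interval.

    Sums a rolling window so single-interval meter noise averages out, then
    alarms when inlet minus outlet exceeds the combined meter tolerance
    (assumed 0.5% per meter). Returns (interval_index, missing_gallons) pairs.
    """
    alarms = []
    for i in range(window - 1, len(samples)):
        win = samples[i - window + 1 : i + 1]
        vin = sum(s[0] for s in win)
        vout = sum(s[1] for s in win)
        allowed = meter_tolerance * (vin + vout)
        if vin - vout > allowed:
            alarms.append((i, vin - vout))
    return alarms

# Constructed readings: balanced for four intervals, then ~30 gal/interval goes missing.
SAMPLES = [(1000, 999), (1000, 1001), (1000, 1000), (1000, 998),
           (1000, 970), (1000, 968), (1000, 971), (1000, 969)]

if __name__ == "__main__":
    for idx, missing in volume_imbalance_alarms(SAMPLES):
        print(f"interval {idx}: {missing} gal unaccounted for in window")
    # Constructed segment: 1 km of 0.5 m pipe, 0.5 m^3/s, gasoline ~750 kg/m^3, f = 0.015.
    expected = darcy_pressure_drop_pa(1000, 0.5, 0.5, 750, 0.015)
    print(f"expected drop {expected:.0f} Pa, alarm at 90000 Pa measured:",
          pressure_alarm(90000, expected))
```

The rolling window trades detection delay for fewer false alarms: with these constructed numbers the imbalance is flagged two intervals after it begins.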
Why do people get a pass on this crap?
I've done plenty of coding and hardware integration for things that can kill people and break things if they go wrong. Indeed, until I set up my Internet company that was a large part of my primary job description across multiple projects. Don't **** up or property will get destroyed and people might die.
It's not that hard folks.
If Colonial was actually cryptojacked, that's bad enough, but it never, under any circumstances, should have extended in its operational impact beyond billing people. That this event resulted in a shutdown of transport is simply unacceptable and this begs the question: Where are the alleged regulators and why isn't this firm immediately and permanently out of business, especially considering that they appear to have dumped a million gallons of gasoline on ground that isn't theirs?
We used to be a first-world nation.
Now we're rapidly becoming a turd-world one.
PS: Are the nuclear plants in this nation run by similarly "skilled" individuals? Just asking, you know.