A cyber attack is a cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects.

Michael Schmitt et al; Tallinn Manual 1.0, pp 92
  • Cyber Operation?
  • Expected to cause death or injury to people or damage to objects?
The Colonial Pipeline Ransomware Incident does not match this definition. Here's a list of actual cyberattacks and and why this matters.

What happened?

A Russian ransomware group DarkSide used malware to lock servers in the Colonial Pipeline IT environment. Out of an abundance of caution, Colonial shutdown its operations while it rebuilt the environment.