
Valuable Cybersecurity Lessons from the Colonial Pipeline Cyberattack

by CISOCONNECT Bureau

The recent cyberattack on Colonial Pipeline highlights the necessity of having a robust cybersecurity program that gives you visibility and control over your critical infrastructure.

Colonial Pipeline, which owns 5,500 miles of pipeline carrying natural gas, gasoline, and diesel from Texas to New Jersey, shut down operations in the second week of May in reaction to a ransomware attack on its IT network.

In a media statement, Colonial officials revealed that the damage was limited to their IT systems, but added that the company “proactively took certain systems offline to contain the threat.”

According to its website, Colonial Pipeline operates the largest refined products pipeline in the United States, moving 2.5 million barrels per day through its combined infrastructure.

According to published accounts, Colonial used the services of incident response specialist FireEye as part of its rapid response to the cyberattack. Investigators have since linked the attack to DarkSide, a well-known Russian criminal ransomware outfit responsible for roughly 40 previous operations with ransom demands ranging from $200,000 to over $2 million.

Valuable Cybersecurity Lessons
While Colonial has been fairly open about its operations, it is still unclear how effective its incident response has been so far. It could have been extremely effective, with early detection providing adequate warning for defenders to swiftly separate IT and OT, preventing the ransomware from spreading to crucial OT systems.

Nonetheless, there are a few noteworthy takeaways for organisations from the Colonial Pipeline cybersecurity breach.

It’s possible that Colonial Pipeline acted fast to stop the malware from spreading. Detection is obviously crucial. The real advantage a defender can have is the capability to take immediate action across every endpoint in the fleet — IT or OT — to stop malware from spreading. Industrial organisations can greatly decrease the spread and cost of ransomware attacks by combining detection and response operations.

Industrial protection requires well-managed cybersecurity. Although firewalls exist, cybersecurity personnel can modify rule settings to allow remote access and set up servers that bypass important security layers. Patching policies may exist, but given the urgency of operations, manual tasks that should be standard are often not completed. There is no central visibility of these security gaps. Although standard secure configurations exist, exceptions are made, users alter them, new software is authorised, and ports are opened, resulting in security gaps.

Strong protections require the ability to aggregate the security state of the various systems into a single database in order to track the protections and ensure they are maintained. Patching, segmenting, hardening configurations, ensuring proper backups, and limiting access to least privilege are all tasks that security teams must carry out. These basic, essential security aspects can be the difference between being a victim and not being a victim.
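The centralised view the article calls for can be sketched as a small posture-aggregation check: each host reports its patch age, backup recency, firewall exceptions, which network zones can reach it, local administrators and open ports, and every record is scored against one fleet-wide baseline so that drift (an unapproved firewall exception, a stale backup, an IT-to-OT path) shows up in a single report. This is an added example written for this article, not code from Colonial Pipeline, FireEye or the author; the host records are constructed sample data and the baseline thresholds, zone names and approved-exception labels are assumptions.

```python
"""Aggregate per-host security state and flag drift from a baseline (added example)."""
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Baseline: assumed values chosen for the example, not taken from the article.
AS_OF = date(2021, 5, 14)
MAX_PATCH_AGE_DAYS = 30
MAX_BACKUP_AGE_DAYS = 1
MAX_LOCAL_ADMINS = 2
APPROVED_FIREWALL_EXCEPTIONS = {"ot-historian-5432"}          # exceptions with a change record
ZONE_ALLOWED_INBOUND = {"it": {"it", "dmz"}, "ot": {"ot"}}     # zones allowed to reach each zone
ALLOWED_PORTS = {"it": {22, 443, 445}, "ot": {502, 5432}}      # listening ports expected per zone


@dataclass
class HostState:
    """One host's reported security state (constructed sample records below)."""
    name: str
    zone: str                                  # "it" or "ot"
    last_patched: date
    last_backup: Optional[date]
    firewall_exceptions: set[str] = field(default_factory=set)
    inbound_from_zones: set[str] = field(default_factory=set)
    local_admins: list[str] = field(default_factory=list)
    open_ports: set[int] = field(default_factory=set)


def evaluate_host(h: HostState, as_of: date = AS_OF) -> list[str]:
    """Return 'category: detail' findings for every control the host has drifted from."""
    findings: list[str] = []
    patch_age = (as_of - h.last_patched).days
    if patch_age > MAX_PATCH_AGE_DAYS:
        findings.append(f"patching: {patch_age} days since last patch (limit {MAX_PATCH_AGE_DAYS})")
    if h.last_backup is None:
        findings.append("backup: no backup recorded")
    elif (as_of - h.last_backup).days > MAX_BACKUP_AGE_DAYS:
        findings.append(f"backup: {(as_of - h.last_backup).days} days since last backup (limit {MAX_BACKUP_AGE_DAYS})")
    unapproved = h.firewall_exceptions - APPROVED_FIREWALL_EXCEPTIONS
    if unapproved:
        findings.append(f"firewall: unapproved exceptions {sorted(unapproved)}")
    bad_sources = h.inbound_from_zones - ZONE_ALLOWED_INBOUND[h.zone]
    if bad_sources:
        findings.append(f"segmentation: {h.zone} host reachable from {sorted(bad_sources)}")
    if len(h.local_admins) > MAX_LOCAL_ADMINS:
        findings.append(f"least-privilege: {len(h.local_admins)} local admins (limit {MAX_LOCAL_ADMINS})")
    unexpected_ports = h.open_ports - ALLOWED_PORTS[h.zone]
    if unexpected_ports:
        findings.append(f"exposure: unexpected open ports {sorted(unexpected_ports)}")
    return findings


def aggregate(hosts: list[HostState]) -> dict[str, list[str]]:
    """The single fleet-wide view: host name -> its findings."""
    return {h.name: evaluate_host(h) for h in hosts}


def summarize(report: dict[str, list[str]]) -> dict[str, int]:
    """Count findings per control category so the weakest control stands out."""
    counts: dict[str, int] = {}
    for findings in report.values():
        for finding in findings:
            category = finding.split(":", 1)[0]
            counts[category] = counts.get(category, 0) + 1
    return counts


# Constructed sample fleet: one clean IT host, one drifted jump host, one OT
# historian reachable from IT with no backup, one OT HMI with a stale backup.
SAMPLE_HOSTS = [
    HostState("it-fileserver-01", "it", date(2021, 4, 20), date(2021, 5, 13),
              inbound_from_zones={"it"}, local_admins=["sysadmin"], open_ports={445}),
    HostState("it-jump-02", "it", date(2021, 2, 1), date(2021, 5, 13),
              firewall_exceptions={"vendor-rdp-3389"}, inbound_from_zones={"it", "dmz"},
              local_admins=["sysadmin", "vendor", "contractor"], open_ports={22, 3389}),
    HostState("ot-historian-03", "ot", date(2021, 3, 1), None,
              firewall_exceptions={"ot-historian-5432"}, inbound_from_zones={"ot", "it"},
              local_admins=["otadmin"], open_ports={5432}),
    HostState("ot-hmi-04", "ot", date(2021, 5, 1), date(2021, 5, 10),
              inbound_from_zones={"ot"}, local_admins=["otadmin"], open_ports={502}),
]

if __name__ == "__main__":
    fleet_report = aggregate(SAMPLE_HOSTS)
    for host, findings in fleet_report.items():
        print(host, "OK" if not findings else "")
        for finding in findings:
            print("   ", finding)
    print("totals by control:", summarize(fleet_report))
```

In a real deployment the `HostState` records would be fed by the endpoint agent, patch server, firewall management and backup system rather than typed in, but the shape stays the same: one baseline, one table of state, one report that answers "which controls have slipped, and where" before an incident rather than during one.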

Security compliance can help to raise the security bar for private industry outside the energy sector. Regulatory compliance isn’t attractive, but it has helped the energy business improve some basic aspects of cybersecurity. Given that traditional fuel sources are typically used in energy generation, the infrastructure that feeds them may eventually be subject to security governance that extends beyond simple guidance or recommendations.

Conclusion
The Colonial Pipeline cyberattack has shown how critical service providers are becoming increasingly vulnerable to global threat actors. As a result, in the complex global industrial environment, cybersecurity has evolved into a business strategy challenge demanding the greatest level of monitoring.

Other recent cyberattacks, such as those on a Florida water facility and the software provider SolarWinds, have highlighted the fact that the success of these events will be determined by the cybersecurity flaws of the mitigation systems in place.

Businesses and governments must reinvent how to utilise and manage our critical infrastructure to reap the benefits of digitization while minimising the potential cyber risks and threats. This entails recognising how our individual activities affect the collective and building shared accountability frameworks.

We are likely to see increased cyberattacks on industrial systems like oil and gas pipelines or water treatment plants unless cybersecurity measures are incorporated into corporate or organisational culture and the digital product lifecycle.

While no business can ever completely eliminate the risk of a security breach, there are steps that any organisation can take to prepare itself, and these actions offer a considerable Return on Investment (RoI) when compared to the expense of a breach.
