How the Colonial Pipeline attack instilled urgency in cybersecurity


In the infosecurity world, this was the 5 a.m. phone call that many feared, but few were prepared to handle.

In the early hours of May 7, 2021, a Colonial Pipeline employee found a ransom note on the company’s IT systems. Threat actors affiliated with the DarkSide ransomware group had gained access through a legacy VPN account that was still active, although no longer in use, and was not protected by multi-factor authentication.

The intrusion was used to encrypt data on the company’s IT systems, leaving Colonial’s operational technology (OT) network, including the 5,500-mile pipeline itself, potentially exposed. Unable to rule out quickly that the attackers could reach OT, the company shut the pipeline down as a precaution.

For days, millions of Americans on the East Coast, from small business owners to commercial truckers, faced lines at the gas pump not seen in the U.S. since the ’70s. Gas prices shot up, consumers began to hoard dwindling supplies and numerous fuel stations shuttered as Colonial, operator of the largest refined-products pipeline system in the U.S., negotiated privately with the attackers to regain access to its computer systems.

“Colonial Pipeline is the most consequential cyberattack on U.S. energy infrastructure to date,” said Mark Plemmons, senior director of threat intelligence at Dragos.

The impact of the attack went well beyond the cybersecurity community and drew the attention of the general public and corporate boards, according to Plemmons. The attack helped drive a greater focus on the security of industrial control systems (ICS) and operational technology at all levels.

Private industry and government agencies alike have placed an increased focus on ICS security, prioritizing sector resilience and sharing intelligence, in an effort to prepare government officials and infrastructure providers for when the next major cyberattack hits.

“Colonial Pipeline was a galvanizing event for the country,” Brandon Wales, executive director of the Cybersecurity and Infrastructure Security Agency, said during a virtual forum on May 5 sponsored by the Advanced Technology Academic Research Center (ATARC). “Raising awareness about the potential threats and risks for cyberattack. It’s not just ones and zeros inside of computers. These attacks could have real implications for our way of life.”

What flowed from the Colonial Pipeline attack is the realization in Congress and the critical infrastructure community that cyberattacks must be taken more seriously. Cybersecurity risk is no longer just a problem to be addressed inside network operations centers or CISO offices, Wales said. 

Evolving threats

Critical infrastructure providers in the U.S. are facing a series of evolving threats on a scale not seen before. Since Russia’s invasion of Ukraine in February 2022, advanced persistent threat actors have developed custom malware designed to sabotage or even destroy critical infrastructure facilities. Criminal ransomware gangs, too, have shown on multiple occasions that they can hold major manufacturers and essential services hostage through targeted attacks and double extortion, encrypting systems while also threatening to leak stolen data.

This, together with the shift to remote operation of the nation’s critical infrastructure that began with the onset of COVID-19, has increased dependence on automation and artificial intelligence and added new digital access points to critical systems.

“Many operating technologies – things like pumps and pipelines and turbines – that used to be analog or isolated, are now digitized and networked with IT systems,” said Leo Simonovich, VP and global head of industrial cyber at Siemens Energy.

Digital devices enable remote operations, as well as greater efficiencies and lower emissions, according to Simonovich. However, digitalization exposes a lot more infrastructure to cyberattacks. 

Siemens and the Ponemon Institute published a study in October 2019, months before COVID-19 became a global outbreak, showing that utility companies were increasingly vulnerable to cyberattack. In the global survey of 1,726 utility professionals responsible for OT cybersecurity, 54% expected an attack on critical infrastructure within the next 12 months, and more than half reported at least one shutdown or loss of operational data per year.
