Over the weekend, Colonial Pipeline, owner of 5,500 miles of pipeline delivering natural gas, gasoline, and diesel from Texas to New Jersey, shut down its operations in response to what it said was a ransomware attack targeting its information technology (IT) network.
Officials from Colonial said in a statement that the impact was minimal and that the business “proactively took some systems offline to mitigate the danger.”
- 1 That Response, Which Included Disabling Select Operational Technology/Industrial Control
- 2 What we can learn from the attack on the Colonial Pipeline
- 3 The Latest Cyber Battleground is Industrial Companies.
- 4 Cybersecurity in the Industrial Sector is Not a “IT” vs. “OT” Issue.
- 5 The Safety of Industrial Facilities Depends On Well-Managed Cybersecurity.
- 6 It’s Vital That We Respond to Disasters Quickly And Recover From Them Quickly.
- 7 Stoppages in the Interest of Preventing a True OT Incident are Tolerated, Even if They Result in a Loss.
That Response, Which Included Disabling Select Operational Technology/Industrial Control
That response, which included stopping select operational technology/industrial control systems (OT/ICS) “temporarily suspended all pipeline operations… which we are currently in the process of restoring.”
The company said said its OT systems were fine, and that the shutdown was a precautionary action taken to facilitate a speedy recovery. Without such an abundance of care, the IT malware may have proven much more disruptive because to the interconnectivity of pipeline infrastructure and participants upstream/downstream (e.g., custody transfers, shared remote metering, available storage/capacity, etc.).
- Ginni Thomas Reportedly Pressed Trumps Chief of Staff on …
- Which of the Following is an Example of an Alliance That Failed Due To Partner Incompatibility?
What we can learn from the attack on the Colonial Pipeline
Despite Colonial’s openness, it is not obvious how effective their incident response has been so far. As early detection provided adequate warning for defenders to swiftly separate IT and OT, it may have been highly effective in stopping the ransomware from spreading to mission-critical OT systems.
There’s also a chance they got lucky and the malware didn’t make it into OT. For now, we can only speculate.
However, there are still a few key lessons that industrial organisations can learn from the Colonial Pipeline crisis’s early stages.
The Latest Cyber Battleground is Industrial Companies.
The “A” in the confidentiality-integrity-availability (CIA) trinity is now receiving more attention than it did before because to the returns from ransomware, especially among industrial enterprises. While industries like banking and retail, which store massive amounts of consumer data, have been dealing with cyber threats for years, the advent of ransomware has changed the game and alerted manufacturers.
A shutdown might have serious repercussions financially. Even businesses that don’t believe they are a prime target for cyber attacks need to make cyber security a central part of their disaster recovery plans and a more prominent management concern.
Cybersecurity in the Industrial Sector is Not a “IT” vs. “OT” Issue.
Attacks on either end of the system can disrupt operations. Organizations must urgently strive toward merging these two entities to ensure the safety of the overall system. As vital as the SCADA network running the pumps and valves is, so too are the billing and pricing systems and the data needed to operate them. Securing operations requires full visibility and protection throughout the whole IT/OT stack.
The Safety of Industrial Facilities Depends On Well-Managed Cybersecurity.
We’ve spent over 25 years working on industrial systems, and the biggest security holes we’ve seen are in administration and upkeep. Although firewalls may be in place, staff have likely modified rule settings to permit remote access and built servers that circumvent vital protective levels.
Even if there are patching policies in place, the normal manual chores rarely get done because of the pressing needs of business.
These voids are not centrally visible. There may be standard secure configurations, however these are often broken due to exceptions, users adjusting them, new software being authorised, and ports being opened.
It’s Vital That We Respond to Disasters Quickly And Recover From Them Quickly.
It’s possible that Colonial Pipeline took swift action to contain the ransomware’s impact. It’s obvious that detection is crucial.
The true power of a defender lies in his or her capacity to act instantly across all IT and OT endpoints in the fleet to halt the spread of malware. By coordinating their efforts to detect ransomware and respond to it, manufacturing companies may greatly limit the damage they sustain and the amount they have to spend to do so.
- Bookkeeping For Small Business Hidden Secrets Medium Matt Oliver
- Who is the Only Person to Win an Oscar for Acting in a Quentin Tarantino Film?
Stoppages in the Interest of Preventing a True OT Incident are Tolerated, Even if They Result in a Loss.
For those who work in the field of cybersecurity for essential infrastructure, incidents like the Colonial crisis have become the norm. Companies need to have a clear protocol in place for dealing with these kinds of crises, and staff members need to know how to use it.
The private sector that is not involved with the production or distribution of energy could benefit from stricter security measures, and legislation and compliance could help to achieve this goal.