Pipeline Cyberattack Highlights Fragile Infrastructure
by Ariel Grant
What do you need to do to protect yourself?
On May 8, 2021, Colonial Pipeline announced that it was the victim of a ransomware attack. According to the statement, Colonial’s response to the breach shut down all pipeline operations. Colonial is responsible for 45% of fuel consumed on the East Coast.
While this security incident is grabbing headlines, it is far from the worst-case scenario. We should consider it another wake-up call in a long line of them.
Companies responsible for infrastructure typically run at least two types of networks. The first is a standard network for business operations, such as customer service, billing, and the like. The other is a supervisory control and data acquisition (SCADA) network, which is responsible for the actual infrastructure.
SCADA security has been a concern for years. In 2009, someone used vulnerabilities in Siemens computer systems to cause physical damage to Iran’s nuclear program. The Department of Homeland Security’s critical infrastructure work focuses in large part on SCADA systems.
Unfortunately, the desire for more functions has led to closer ties between SCADA systems and other network infrastructure. These functions include remote administration, data gathering, and financial tasks. In fact, as local utilities across the country have decreased staff, the need for remote administration has increased. This increase led to a dangerous attack on a water treatment plant in Florida earlier this year. Luckily, a worker saw the intrusion and was able to stop the attack before the attacker was able to add dangerous levels of sodium hydroxide to the water supply.
Other infrastructure attacks have led to extensive damage. For instance, intruders were able to damage a blast furnace in Germany through remote access. As more of these systems are connected to external networks, more attacks will occur. Inevitably, they will lead to someone dying as a result of a cyberattack.
What Comes Next?
President Biden’s infrastructure bill was already subject to widespread criticism for its lack of cybersecurity funding. We expect that to change. We also anticipate Executive Orders addressing infrastructure security. Congress was already considering mandatory breach and vulnerability reporting, and it will likely move faster.
This breach highlights the need for resiliency in networks of all types. Colonial Pipeline had to shut down its pipeline operations to mitigate a ransomware attack. Incident response plans should integrate with disaster recovery/business continuity plans, all of which should be tested at least annually. Sensitive systems and data should be segmented, but network testing should assume that the segmentation will fail.
If your organization does not have a disaster recovery/business continuity plan, you are assuming an enormous amount of risk. A ransomware attack on your network may not cut off 40% of the oil to the East Coast, but it could be enough to critically damage your organization.
If you are unsure whether you have adequate security, or need help testing your incident response or disaster recovery/business continuity plans, you should contact us for assistance.