Every time I hear about a new cyber-attack, I ask myself: “Is this a new attack vector? A new vulnerability? A new creative tactic?” The answer is almost invariably no. Attack after attack, threat intelligence reports describe well known tactics that have been carried out numerous times in the past. I breathe a sigh of relief and remember Churchill’s famous World War II motto: “Be calm and carry on!”
The attack reported on May 7th on the Colonial Pipeline is no exception. The Colonial Pipeline is the largest pipeline system in the United States, carrying over 3 million barrels of refined oil products per day between Texas and New York. It is a critical infrastructure supplying almost 50% of the gasoline and jet fuel utilized by numerous industries and 50 million people on the East Coast. These critical infrastructures must be secured! What happened?
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) confirmed that DarkSide, a Russian cybercriminal hacking group that targets victims using ransomware and extortion was behind the Colonial Pipeline attack. They succeeded in gaining access to the company’s enterprise network and deploying the DarkSide ransomware to seize IT systems. It seems the attack did not spread to Colonial’s industrial network, as the company wisely disconnected OT systems to ensure safety of their industrial operations.
After paying a $4.4 million ransom and spending a long week restoring backups, Colonial was able to resume operations. Subsequently, fuel shortages began to occur across several airports such as at Charlotte Douglas International where airlines had to change flight schedules. Filling stations in several states also run out of fuel amid panic buying. Average fuel prices rose to their highest since 2014 and President Joe Biden declared a state of emergency to allow additional transport of fuel by road to alleviate shortages.
Many reporters qualify this attack as one of the most critical one in the country’s history. This is certainly true considering the impact it had on the physical world, although it only targeted IT systems. Industrial and enterprise networks are converged. They are now so well connected to each other that an attack on either one will disrupt the other, causing numerous cascading effects.
Yet, many industrial organizations still operate based on the assumption that the airgap they created to isolate industrial operations from the enterprise network will suffice. Organizations have started to build holistic security strategies, managing IT and OT security as a whole and not as two separate silos. The Colonial Pipeline attack is another alarm bell for the industry, stressing the fact that protecting the physical world from cyber-attacks requires a strong IT security practice as well as specific OT security measures.
Here are a few measures that industrial organizations should implement to start converging their IT and OT security practices:
This might sound like a daunting list, but everything doesn’t have to be deployed overnight. A global pre-integrated solution would make it much easier to deploy and operate while offering unmatched features. Security is a journeywhere new capabilities are added depending on your priorities and the events you fear the most. Cisco has designed a reference architecture that will help you phase your project. Read more about it here.
What about you? How mature is your organization’s OT Security practice? Take the test and see what you should do next! To learn more about how you can secure your IoT/OT infrastructure, visit our IoT Security page or contact us. To get the latest industry news on IoT Security delivered straight to your inbox, subscribe to the Cisco IoT Security Newsletter.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels