The cybersecurity ‘pandemic’ that led to the Colonial Pipeline disaster


The cyber attack that forced Colonial Pipeline to go offline is the product of a long-standing failure to address known vulnerabilities and an escalating “ransomware pandemic,” experts tell The Verge. That leaves the country’s energy infrastructure particularly vulnerable, even though basic steps could have been taken to avoid the current crisis.

“In all fairness, I think this should come as no surprise to anyone closely monitoring ransomware,” said Philip Reiner, CEO of the nonprofit Institute for Security and Technology. “This is yet another example of what really is a ransomware pandemic that must be dealt with at the highest level.”

An escalating threat from bad actors, such as the criminal group DarkSide believed to be behind the attack on Colonial Pipeline, coincides with a growing number of potential weaknesses in the energy sector’s cyber infrastructure. Reiner says ransomware poses increasing risks to critical infrastructure beyond energy, including healthcare and financial systems. Hackers have also turned to the technology sector: an Apple subcontractor was hit by a $50 million ransomware attack last month. But the energy sector appears to be particularly vulnerable to all kinds of cyber threats.

“This is the kind of thing that keeps people like us up at night,” said Tucker Bailey, a partner and cybersecurity expert at consulting firm McKinsey & Company. “We have known that the [vulnerabilities] have been around for a while.”

Nearly half of all fuel on the East Coast normally flows through the Colonial Pipeline, which has been shut down since May 7. The pipeline company’s IT systems fell victim to ransomware, a type of cyber attack in which hackers encrypt systems and demand payment to get them back online. DarkSide also stole company data and threatened to publish it online, Bloomberg reported.

Utilities are a frequent target, according to the National Regulatory Research Institute. Fifty-six percent of utility professionals surveyed by Siemens in 2019 said they had experienced at least one attack in the past year that resulted in a malfunction or loss of private information. More than a third of the 796 “cyber incidents” reported to the Department of Homeland Security between 2013 and 2015 took place in the energy sector.

A convergence of a few key factors could push those numbers up. First, experts say more state actors, cyber criminals and hacktivists are targeting critical infrastructure. Second, an increasingly digital energy sector offers hackers more opportunities to attack.

“As everything becomes more automated, controls for our critical infrastructure are also more automated and steps need to be taken to ensure they are protected from cyber-attacks,” said Leslie Gordon, acting director for homeland security and justice at the Government Accountability Office (GAO), the congressional watchdog. She says what happened to Colonial Pipeline is “an example of not protecting critical infrastructure.”

Companies regularly fail to implement even basic security hygiene, leaving critical infrastructure susceptible to attack. Good security hygiene can include relatively simple things, such as requiring multi-factor authentication, having incident response plans in place, and maintaining backups. With Colonial Pipeline, the failure to keep its network segmented – so that bad actors can’t easily jump from one part of the system to another – was a major problem that shows a lack of cyber hygiene, Reiner said. Colonial’s IT systems were the ones attacked, but they were connected to the operational systems that run the pipeline, so those were shut down too.
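The segmentation point above can be made concrete with a small reachability check over a zone-level firewall policy: if any chain of allow rules lets the business IT zone initiate connections into the control zone, the two are not really segmented. This is an added example written for this page, not Colonial Pipeline’s configuration or any vendor’s tool; the zone names, rules and port numbers are constructed, and the model deliberately ignores host-level detail, NAT and stateful return traffic so that the one idea (who can initiate into OT) stands out.

```python
"""Audit a zone-level firewall policy for IT-to-OT reachability.

Added illustration for this article; zones, rules and ports are constructed
and do not describe any real pipeline operator's network.
"""
from collections import deque
from typing import Dict, List, NamedTuple, Optional, Tuple


class Rule(NamedTuple):
    src: str    # zone allowed to initiate the connection
    dst: str    # zone receiving it
    port: int   # destination TCP port (constructed values)
    note: str   # business reason the rule was written


# Constructed "flat" policy: business IT reaches plant controls directly.
FLAT_POLICY: List[Rule] = [
    Rule("internet", "corp-it", 443, "VPN and web access for staff"),
    Rule("corp-it", "ot-control", 502, "Modbus polling from an engineering workstation"),
    Rule("corp-it", "ot-control", 3389, "RDP for vendor remote support"),
]

# Constructed segmented policy: IT may only reach a DMZ, and the control zone
# pushes data outward into that DMZ; nothing initiates inward past it.
SEGMENTED_POLICY: List[Rule] = [
    Rule("internet", "corp-it", 443, "VPN and web access for staff"),
    Rule("corp-it", "ot-dmz", 443, "Historian replica read by the business"),
    Rule("ot-control", "ot-dmz", 5432, "Historian pushes outbound to the DMZ"),
]

Hop = Tuple[str, Optional[int]]  # (zone reached, port used to reach it)


def build_graph(policy: List[Rule]) -> Dict[str, List[Tuple[str, int]]]:
    """Adjacency list of zones following the initiating direction of each rule."""
    graph: Dict[str, List[Tuple[str, int]]] = {}
    for rule in policy:
        graph.setdefault(rule.src, []).append((rule.dst, rule.port))
    return graph


def find_paths(policy: List[Rule], start: str, target: str, max_hops: int = 4) -> List[List[Hop]]:
    """Breadth-first search for every rule chain that lets `start` initiate into `target`.

    Paths are capped at `max_hops` zones and never revisit a zone, so the search
    terminates even on policies with cycles.
    """
    graph = build_graph(policy)
    results: List[List[Hop]] = []
    queue: deque = deque([[(start, None)]])
    while queue:
        path = queue.popleft()
        if len(path) > max_hops:
            continue
        current = path[-1][0]
        visited = {zone for zone, _ in path}
        for nxt, port in graph.get(current, []):
            if nxt in visited:
                continue
            new_path = path + [(nxt, port)]
            if nxt == target:
                results.append(new_path)
            else:
                queue.append(new_path)
    return results


def describe(path: List[Hop]) -> str:
    """Render a path as 'corp-it -> ot-control:502'."""
    parts = [path[0][0]] + [f"{zone}:{port}" for zone, port in path[1:]]
    return " -> ".join(parts)


def audit(policy: List[Rule], it_zone: str = "corp-it", ot_zone: str = "ot-control") -> List[str]:
    """Return one finding per IT-to-OT path; an empty list means IT cannot initiate into OT."""
    return [describe(p) for p in find_paths(policy, it_zone, ot_zone)]


if __name__ == "__main__":
    for name, policy in (("flat", FLAT_POLICY), ("segmented", SEGMENTED_POLICY)):
        findings = audit(policy)
        print(f"{name}: {'no IT->OT path' if not findings else findings}")
```

Running the script reports both direct IT-to-control rules in the flat policy and nothing for the segmented one, even though the segmented policy still lets the business read plant data (via the DMZ). Extending the check to start from `"internet"` shows how a single VPN rule plus a flat internal policy gives a remote attacker a two-hop route into the control zone.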

“One of the things we see here is another example of basic steps not taken to secure your systems,” says Reiner. “Cyber hygiene, or lack thereof, is truly one of the biggest causes of cybercrime. It’s not so much that these guys are that good. They are just people who undo very basic things.”

President Joe Biden is expected to sign an executive order that may require contractors working with the federal government to implement those kinds of security measures, and last month the administration launched a plan to address “growing cyber threats” to the US electrical system. It includes working with utilities to build their capacity to stop, detect and respond to attacks. The Department of Energy also launched new research programs in March to make the energy sector more resilient to threats, both physical and cyber.

But labor shortages are another persistent problem for the energy sector that could jeopardize those plans. A 2019 report estimated a shortage of 498,480 cybersecurity workers in the US. The Transportation Security Administration, which oversees pipeline security, is short of inspectors and has no strategic workforce development plan to help it “carry out its pipeline security responsibilities,” a 2018 GAO report found. Three years after the GAO recommended that the TSA fill that gap, the GAO says this has yet to be done (although the TSA reports it is in the process of completing a workforce plan).

Until these basic issues are resolved, the threat of cyber attacks will hang over the energy system and other critical infrastructure. And while the attacks are virtual, the consequences are quickly felt on the ground. The longer the Colonial Pipeline is out of service, the greater the risk that supplies of gasoline, jet fuel and even home heating oil will run dry. The pipeline company did not respond to The Verge’s request for comment by the time of publication, but said in a statement that it is bringing parts of its pipeline back online in stages, with the aim of restoring most operations by the end of the week.