Two years ago, a ransomware attack took down a major pipeline in the U.S., a cybersecurity incident that arguably shook the confidence of the country. This incident highlighted the vulnerability of critical infrastructure to cyberattacks and the need for a coordinated response to mitigate the impact of such attacks.
In May 2021, one of the U.S.’s largest fuel pipelines, Colonial Pipeline, was forced to shut down due to a cyberattack. Behind the attack was a ransomware threat, as Digital Journal reported.
Following the attack, cyber experts urged companies and organizations to strengthen their cyber-related policies, procedures, staffing and resources.
What has been learned?
Since then, the cybersecurity landscape has evolved, and so have the measures taken to prevent and respond to such attacks. However, the question remains – are nations better prepared to respond to ransomware?
To shed light on this issue, cybersecurity experts were asked for their insights into the current state of industrial ransomware attacks. The key question posed was ‘what needs to be done to strengthen collective defences?’
First up is Debbie Gordon, CEO, Cloud Range. Gordon focuses on human factors in her assessment: “Having documented incident response processes and procedures is one thing but practicing them is another thing. Even more important is training to prevent them in the first place. Security practitioners need to be able to identify risks to eliminate the chance of ransomware attacks happening in the first place, ensuring that people know what to look for and how to respond.”
The second to comment is David Stroud, CRO, NanoLock Security. He focuses on Operational Technology (OT), a discipline distinct from Information Technology (IT).
Here Stroud explains: “The 2021 Colonial Pipeline ransomware attack marked a pivotal moment for the U.S. All pipeline activity was halted to contain the damage, protect OT assets from potential impact, and maintain the operational integrity of critical infrastructure. The decision disrupted the flow of fuel to the East Coast, highlighting the vulnerability of OT systems to cyber threats and the devastating impact such attacks can have on the economy and national security.”
According to Stroud, more attention needs to be paid to Operational Technology: “Despite increased regulatory attention to OT cybersecurity, progress has been too slow across the world. In 2022, the US Federal Government’s National Institute of Standards and Technology (NIST) published the ‘Guide to Operational Technology (OT) Security’ (NIST SP 800-82r3), which calls for the protection of individual OT components (devices) from exploitation.”
This follows the best-practice example set by the recent updates to the Codes of Practice for Critical Infrastructure (CSA CCoP 2.0) issued by the Cyber Security Agency of Singapore. Stroud explains that this legislation urges “device-level protection of critical OT assets, and the new European Union regulation, NIS2, which explicitly requires the adoption of active cyber protection and prevention, as well as cyber hygiene practices, such as zero-trust principles and device configuration.”
In terms of recommendations, Stroud puts forward: “To safeguard OT assets, companies and public bodies must shift their focus from detection to prevention. A prevention-based, zero-trust approach ensures configurational and operational integrity as well as uninterrupted OT activity even in the event of an IT attack. As we approach the two-year anniversary of the Colonial Pipeline cyberattack, it is crucial that the government, private sector, and the public accelerate their efforts to prevent similar attacks from happening in the future.”