
Two years after Colonial Pipeline attack: Are we better prepared for ransomware?

The overall incident raised awareness of the massive vulnerabilities within the U.S. critical infrastructure. Is the situation any better today?

Attendants direct cars to gas pumps as they queue to fill their tanks at a Costco in Charlotte, North Carolina in May 2021 following a ransomware attack that shut down the Colonial Pipeline - Copyright AFP Miraj Kateb

Two years ago, a ransomware attack took down a major pipeline in the U.S., a cybersecurity incident that arguably shook the confidence of the country. This incident highlighted the vulnerability of critical infrastructure to cyberattacks and the need for a coordinated response to mitigate the impact of such attacks.

In May 2021, one of the U.S.’s largest fuel pipelines, Colonial Pipeline, was forced to shut down due to a cyberattack. Behind the attack was a ransomware threat, as Digital Journal reported.

Following the attack, cyber experts urged companies and organizations to strengthen their cyber-related policies, procedures, staffing and resources.

What has been learned?

Since then, the cybersecurity landscape has evolved, and so have the measures taken to prevent and respond to such attacks. However, the question remains: are nations better prepared to respond to ransomware?

To shed light on this issue, insights from cybersecurity experts into the current state of industrial ransomware attacks were sought. The key question posed was ‘what needs to be done to strengthen collective defences?’

First up is Debbie Gordon, CEO, Cloud Range. Gordon focuses on human factors in her assessment: “Having documented incident response processes and procedures is one thing but practicing them is another thing. Even more important is training to prevent them in the first place. Security practitioners need to be able to identify risks to eliminate the chance of ransomware attacks happening in the first place, ensuring that people know what to look for and how to respond.”

The second to comment is David Stroud, CRO, NanoLock Security. He looks at Operational Technology (a distinct concept from Information Technology).

Here Stroud explains: “The 2021 Colonial Pipeline ransomware attack marked a pivotal moment for the U.S. All pipeline activity was halted to contain the damage, protect OT assets from potential impact, and maintain the operational integrity of critical infrastructure. The decision disrupted the flow of fuel to the East Coast, highlighting the vulnerability of OT systems to cyber threats and the devastating impact such attacks can have on the economy and national security.”

According to Stroud, more effort needs to be directed at operational technology: “Despite increased regulatory attention to OT cybersecurity, progress has been too slow across the world. In 2022, the US Federal Government’s National Institute of Standards and Technology (NIST) published the “Guide to Operational Technology (OT) Security” (NIST SP 800-82r3), which calls for the protection of individual OT components (devices) from exploitation.”

This follows the best practice examples of the recent updates to the Codes of Practice for Critical Infrastructure (CSA CCoP 2.0) issued by the Cyber Security Agency of Singapore. Stroud explains this legislation urges “Device-level critical OT assets protection, and the new European Union regulation, NIS2, which explicitly requires the adoption of active cyber protection and prevention, as well as cyber hygiene practices, such as zero-trust principle and device configuration.”

In terms of recommendations, Stroud puts forward: “To safeguard OT assets, companies and public bodies must shift their focus from detection to prevention. A prevention-based, zero-trust approach ensures configurational and operational integrity as well as uninterrupted OT activity even in the event of an IT attack. As we approach the two-year anniversary of the Colonial Pipeline cyberattack, it is crucial that the government, private sector, and the public accelerate their efforts to prevent similar attacks from happening in the future.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
