Colonial Pipeline anniversary: How have organizations improved their IT infrastructure?

Organizations have also learned the need to assess both livelihood and financial risks.

A cyberattack in mid-May paralysed Colonial Pipeline, one of the largest US oil pipeline operators - Copyright AFP/File Logan Cyrus

On May 8, 2021, U.S. Colonial Pipeline shut down its operations due to a ransomware cyberattack, leading to a rarely issued emergency declaration by the U.S. federal government. One year on, what have businesses learnt from the incident?

Following the attack, cyber experts urged companies and organizations to strengthen their cyber-related policies, procedures, staffing and resources. What progress has been made?

To understand more about the legacy of the cyberattack one year on, Digital Journal reached out to Benny Czarny, Founder and CEO of OPSWAT, the leader in critical infrastructure protection, as an expert resource.

Czarny holds over 25 years of experience in the cybersecurity and privacy space, giving him unique insights on the Colonial Pipeline attack, especially with increasingly frequent cyberattacks on critical infrastructure.

According to Czarny, the core lessons include: “A major lesson organizations have learned is the need for a managed Security Operation Center (SOC): that is, operationalization of ransomware response and professional response teams and services.”

These lessons are:

Operational Technology

An example within the critical infrastructure space is a managed Operational Technology (OT) SOC. This means better performance monitoring of all systems, enforcing standard change management processes, vetting and deploying updates, and immediately reacting to any potential threats.

OT-specific malware

Organizations have also learned the need to safeguard their critical environments, especially with the recent news of OT-specific malware (Pipedream/Industroyer2) and the Shields Up warning. Safeguarding includes adopting a defense-in-depth approach, with end-to-end security measures from the cloud all the way down to protecting critical operational assets. The revised TSA pipeline security directive makes a clear separation between IT and OT, with enhanced security measures and disaster and recovery plans for the OT environment. Essentially, an incident in the IT environment is virtually inevitable, but contrary to the Colonial Pipeline incident, OT operations shouldn't be impacted and shouldn't be shut down.

Livelihood risks

Organizations have also learned the need to assess both livelihood and financial risks. From a livelihood perspective, critical organizations now understand both cyber and physical risks, including prioritization of risk areas, and asset management and containment of attacks through more aggressive segmentation of critical data.

Financial risks

From a financial risk perspective, Colonial Pipeline and other critical infrastructure attacks have taught organizations NOT to pay. There is no guarantee they will regain access or that data has not already been leaked or stolen. Payment also reinforces future and more sophisticated attacks, and it could be a U.S. sanctions violation.

Moving in-house

Some believe that ransomware-as-a-service has tapered off and mature attack groups are bringing expertise in-house. This means higher quality and more targeted ransomware will be potentially harder to detect and remediate. Perhaps there may be fewer attacks, but they could be more damaging and difficult to recover from.

Summing up, Czarny finds: “Lastly, some security researchers believe REvil ransomware group (or another closely tied to REvil) is working on a new ransomware operation, begging the question: Is there a risk of “copycat” attacks with the one-year anniversary coming up? The main concern is the increasing aggressiveness of hacking groups from increased crackdowns—especially with the high “ROI” for attacks on critical infrastructure.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
