The recent cyberattack on the Colonial Pipeline blocked an artery in America’s critical infrastructure, harming the health of a patient that has not fully recovered from the COVID pandemic. Just as the human body is susceptible to SARS-CoV-2, the coronavirus that causes COVID-19, businesses are vulnerable to ransomware, a form of cryptoviral extortion that holds a victim’s information hostage until a ransom has been paid. Both individually and collectively, the stakes are higher than you might think.
When a business is large and its operations affect the general public, cyberattacks like the one on Colonial are well-publicized. “Everyone is reporting on this ransomware attack because it affects the networks involving an oil pipeline,” says Katie Nickels, director of intelligence at the cybersecurity firm Red Canary, but “ransomware attacks have been going for years.” Because manufacturers are also vulnerable to ransomware, it’s important to apply lessons learned from high-profile cyber incidents.
IT, OT and Cybersecurity
In the case of the Colonial Pipeline attack, the damage was too large to go unreported since the pipeline carries 45% of the East Coast’s supply of diesel, gasoline, and jet fuel. According to the FBI, a cybercriminal enterprise known as DarkSide targeted Colonial’s information technology (IT) network instead of its operational technology (OT) network, which includes pumps, valves, and various flow measurement and safety technologies. Nevertheless, Colonial shut down its OT network out of an abundance of caution.
“With this attack, and in other attacks, operators end up shutting down their whole OT production because they can’t be certain about what’s been impacted by the attack or how to respond,” explains Leo Simonovich, head of industrial cybersecurity at Siemens Energy. Often, ransomware enters an IT system through a network connection that isn’t secured with two-factor authentication, or via a phishing email that tricks a recipient into sharing protected information with what seems like a trusted sender.
Paying for Cyberattacks vs. Investing in Cybersecurity
According to multiple sources, Colonial Pipeline has paid nearly $5 million to DarkSide as a ransom to unlock its computer systems, which displayed a message about the type of confidential information that would be released publicly if the ransom went unpaid. When combined with the cost of unplanned downtime, the pipeline operator may have determined that the costs associated with disclosure were too high to hold out. According to the global security company Kaspersky, more than half (56%) of ransomware victims paid the ransom to restore access to their data last year.
Investing in cybersecurity may seem cost-prohibitive until you consider the potential cost of an attack. When unsecured, both IT and OT networks are targets of opportunity for cybercriminal enterprises like DarkSide, which recently hit Toshiba Corp. in Europe. Without NIST SP 800-171 cybersecurity compliance, manufacturers who are part of the supply chain for the U.S. Department of Defense (DoD) also risk losing existing contracts as well as their ability to bid on new contracts.
Virtual Cyber Assessment Workshop
If you’re part of the DoD supply chain, join the New York State Manufacturing Extension Partnership (NY MEP) for a Cybersecurity Self-Assessment Workshop on July 15. Our experts will explain what you need to know about NIST SP 800-171 and guide you through hands-on exercises as you assess your cyber readiness. You’ll also learn about the Supplier Performance Risk System (SPRS) and how to determine your SPRS score so that you can submit it for DoD contract opportunities.