Colonial Pipeline Cyberattack Reveals Manufacturing’s Vulnerabilities

Page Views: 640
Pipeline Bloggraphic 01

The recent cyberattack on the Colonial Pipeline blocked an artery in America’s critical infrastructure, harming the health of a patient that has not fully recovered from the COVID pandemic. Just as the human body is susceptible to SARS-CoV-2, the coronavirus that causes COVID19, businesses are vulnerable to ransomware, a form of cryptovirology that holds a victim’s information hostage until a ransom has been paid. Both individually and collectively, the stakes are higher than you might think.
When a business is large and its operations affect the general public, cyberattacks like the one on Colonial are well-publicized. “Everyone is reporting on this ransomware attack because it affects the networks involving an oil pipeline,” says Katie Nickels, director of intelligence at the cybersecurity firm Red Canary, but “ransomware attacks have been going for years”. Because manufacturers are also vulnerable to ransomware, it’s important to apply lessons learned from high-profile cyber incidents.

IT, OT and Cybersecurity

In the case of the Colonial Pipeline attack, the damage was too large to go unreported since the pipeline carries 45% of the East Coast’s supply of diesel, gasoline, and jet fuel. According to the FBI, a cybercriminal enterprise known as DarkSide targeted Colonial’s information technology (IT) network instead of its operational technology (OT) network, which includes pumps, valves, and various flow measurement and safety technologies. Nevertheless, Colonial shut down its OT network out of an abundance of caution.
“With this attack, and in other attacks, operators end up shutting down their whole OT production because they can’t be certain about what’s been impacted by the attack or how to respond,” explains Leo Simonovich, head of industrial cybersecurity at Siemens Energy. Often, ransomware enters an IT system through a network connection that isn’t secured with two-factor authentication, or via a phishing email that tricks a recipient into sharing protected information with what seems like a trusted sender.

Paying for Cyberattacks vs. Investing in Cybersecurity

According to multiple sources, Colonial Pipeline has paid nearly $5 million to DarkSide as a ransom to unlock its computer systems, which displayed a message about the type of confidential information that would be released publicly if the ransom went unpaid. When combined with the cost of unplanned downtime, the pipeline operator may have determined that the costs associated with disclosure were too high to hold out. According to the global security company Kaspersky, more than half (56%) of ransomware victims paid the ransom to restore access to their data last year.
Investing in cybersecurity may seem cost-prohibitive until you consider the potential cost of an attack. When unsecured, both IT and OT networks are targets of opportunity for cybercriminal enterprises like DarkSide, which recently hit Toshiba Corp. in Europe. Without NIST 800-171 cybersecurity compliance, manufacturers who are part of the supply chain for the U.S. Department of Defense (DoD) also risk losing existing contracts as well as their ability to bid on new contracts.

Virtual Cyber Assessment Workshop

If you’re part of the DoD supply chain, join the New York State Manufacturing Extension Partnership (NY MEP) for a Cybersecurity Self-Assessment Workshop on July 15. Our experts will explain what you need to know about NIST SP 800-171 and guide you through hands-on exercises as you assess your cyber readiness. You’ll also learn about the Supplier Performance Risk System (SPRS) and how to determine your SPRS score so that you can submit it for DoD contract opportunities.
Learn more and register now.

Comments

3 thoughts on “Colonial Pipeline Cyberattack Reveals Manufacturing’s Vulnerabilities”

  1. Great analysis. Key for folks to understand is how to recover from one of these types of attacks and be more resilient. Ransomware is hard to defeat. The human is the weak link and infinitely less than perfect. My work with MEPs and their customers allows me to see how much need there is throughout the US manufacturing eco system. Strategies such as a 3-2-1 backup strategy, encryption at rest to prevent any exfiltrated data from being sold or exploited and a holistic risk assessment that leverages a Cyber Value at Risk (CyVar) approach to investing in cyber risk reduction. I advise the manufacturers I work with to look beyond 800-171 or CMMC. While required if you are a DoD focused manufacturer, you have to go beyond the data centric CUI objective and extend risk assessments to IoT and building automation and factory floor OT and IoT risk assessments and mitigation. Regular pen testing also helps to assess exploitable vulnerabilities and compliance gaps.

Leave a Comment

Your email address will not be published. Required fields are marked *

Exhibitor Inquiry
Attendee Request Form: 2023 Hardware Prototyping Workshop
Thanks for your interest in this resource, fill out the information below to download.

"*" indicates required fields

Hidden
This field is for validation purposes and should be left unchanged.

X
X