The ransomware attack against the Colonial Pipeline company not only shut down operations across one of the US’s most crucial 5,500-mile energy infrastructures but it exposed a significant weakness in the national cybersecurity strategy that has been 20 years in the making.
This latest incident should be a red line for US critical infrastructure owners, operators, regulators, and the Department of Homeland Security. Although much work has gone into hardening industrial control systems during the last decade, they remain vulnerable to a wide variety of cyber threats because of connections between business and operational networks.
There are now malicious actors who are characterising themselves as bona fide businesses with their own set of ethics, but who are themselves not in control of their overall impact due to the interconnectedness of businesses and operational networks. These interconnections lay bare the networks that power the economy and way of life — networks that now face cyber-attacks and adversaries increasing in sophistication.
The growing pace and sophistication of nation-state attacks, coupled with an ever-expanding attack surface, makes our ability to accurately quantify and prioritise cyber risks within the context of individual businesses an urgent priority. Critical infrastructure cybersecurity must adopt a risk-led security strategy backed by a real-time decision and operational support system to ensure it can mitigate future threats.