Colonial Pipeline ransomware attack highlights need for cybersecurity investment


The only positive to take away from the ruthless ransomware attack which took a major US fuel pipeline offline is that it highlights to the world how important it is to invest in critical infrastructure cyber security.

Government experts, researchers and corporate security officers have long warned that critical infrastructure such as: utilities, water systems, transportation and grid networks to name a few lack the investment in security and the manpower to meet modern cybersecurity challenges, as hackers look to earn a quick buck through controlled chaos.

The DarkSide cyber-criminal gang were at least frank about their motivations. “Our goal is to make money and not creating problems for society,” they said.

In one of the largest ever disruptions in US energy infrastructure, the US had to issue emergency legislation after Colonial Pipeline was hit by the attack on 8 May. The pipeline, which carries 2.5 million barrels per day – 45 percent of the East Coast’s supply of diesel, petrol and jet fuel – was taken offline for days.

The incident, following closely on the heels of the February attack on a Florida water treatment facility in which hackers attempted to poison the city’s water supply, highlights just how vulnerable the energy and utilities industry is to such an attack.

In fact, the world has seen an increase malware attacks directly affecting critical infrastructure. As far back as 2012, the Shamoon virus was used to overwrite the hard drives of some 30,000 computers at Saudi Aramco, the Saudi Arabian national petroleum and natural gas company.

Two years later, another piece of malware known as DragonFly was used to target pharmaceutical firms, and in 2015 the BlackEnergy malware caused disruptions to the Ukrainian electrical grid. Then a new series of cyberattacks using the Petya malware began in June 2017, affecting the websites of Ukrainian organizations including banks, ministries, newspapers and electrical utilities. This also infected systems in many other countries including the United States.

The energy sector is both extremely sensitive and extremely valuable to hackers, and the question now is how to prevent this happening in the future, and potentially on an even bigger scale. The stakes are high because such attacks have clear market impacts. Downtime in a fuel pipeline, for example, has huge consequences, potentially impacting financial markets and fuel-dependant business sectors including airlines and transport – affecting millions of people.

There are two crucial elements to preventing such attacks, but both require investment. Secure endpoints by applying the Principle of Least Privilege to stop hackers from being able to leverage stolen credentials to enact privilege escalation and access sensitive data systems. It is also important to secure remote access through strong privilege user management and identity authentication.

Furthermore, an Endpoint Privilege Management solution would have stopped any ransomware in its tracks. Robust EPM solutions block any process or application attempting operations that are disallowed – such as encryption or lateral movement – regardless of the user’s privilege level, rendering ransomware impotent.

Today, remote access to IT infrastructure is critical to the continuity of production and service. Maintaining business productivity and protecting against catastrophic consequences of a breach or disruption is crucial.

However, it can be complicated to secure heterogeneous networks of tools and systems, and VPN technology is no longer sufficient. Introducing control over privileged access and activity is paramount, with complete visibility and traceability to ensure that privileged actions are authenticated, authorized, and blocked for rapid incident response.

There are other considerations in maintaining a robust defence against cyber-attacks, such as reducing shared accounts and password reuse, regular patching, performing vulnerability assessments and penetration testing.

All of this costs money, but now that the world can see how high the stakes are, it is clearly time to make that investment.