What happens when a major city’s electricity goes out? Or water supplies are shut off? Or oil pipelines are hacked? The cyberattack on Colonial Pipeline Co., the largest U.S. fuel pipeline — which CBS News refers to as “a major fuel artery” — signifies an immense problem. What used to be caused by a natural disaster, such as an ice storm or hurricane, can now be blamed on hacks and cyber terrorism. Our country’s critical infrastructure is at great risk and has been for years.
The Wall Street Journal states that the Colonial Pipeline, which runs from the Gulf Coast to New Jersey, supplies about 45% of the fuel consumed on the East Coast, so the attack affects its massive supply chain. “It isn’t the first cyberattack that the U.S. energy industry has suffered, but it is a dramatic example of what can happen when malicious software affects the computer systems of an energy company. The energy industry is a big target, with 2.5 million miles of pipelines and a vast array of sensors, valves, leak-detection tools and other systems linked not only to pipelines but also to refineries and power plants.” According to CNET, Colonial services seven airports and operates in 14 states. Its system carries more than 100 million gallons of fuel per day. When Colonial Pipeline was recently hit with a ransomware attack, the shutdown caused panic buying of gas in many southeastern states, according to ABC News.
In this latest ransomware hack, it is reported that Colonial paid a $5 million ransom to the cybercriminals. CNET describes ransomware as a type of malware that hackers use to scramble a company’s computer data and hold it hostage until a ransom is paid. Cyberattacks on critical infrastructure posed the fifth-highest economic risk in 2020, according to the World Economic Forum (WEF), writes industry pundit Mark Wilczek in Dark Reading. He explains, “Today, most grids are closely interlinked — regionally, nationally, and internationally as well as with other industrial sectors…cyberattacks on critical infrastructure have become a big concern for industry and governments everywhere.”
This highly publicized and damaging hack prompted President Biden to sign an executive order this week, aimed at hardening the federal government’s cybersecurity defenses. CBS News reports that the order “directs the Commerce Department to author new standards for software vendors supplying the federal government.” The Colonial Pipeline hack is the latest of several high-profile hacks that have compromised federal agencies, companies, businesses, and critical infrastructure.
“Attackers targeting energy critical infrastructure have become more technologically sophisticated and include state actors and criminal gangs. Hackers are seeking out unsecured ports and systems on industrial control systems connected to the internet,” comments Forbes author and thought leader Chuck Brooks. He provides insight as to what additional cyber challenges to expect:
- Critical infrastructure attacks (via ransomware and malware) will heighten in numbers and intensity
- Expect continued and elevated sophistication of cyber-attacks
- Greater collaboration among cybercriminals
- Internet of Things devices present special security challenges
This latest attack raises concerns about how vulnerable our nation and its infrastructure are. Blake Dowling of Aegis Business Technologies said this hack is “as simple as a user clicking what they might perceive to be a safe link that was sent to them through email,” according to WCTV. Dowling urges the federal government to help companies and small businesses, and says this should “serve as a wakeup call to how vulnerable computer systems can be to attacks.”
A Snapshot of Critical Infrastructure: Then and Now
Hacks on the government and the nation’s critical infrastructure are not new. Industry experts have been warning of critical infrastructure attacks for years. Back in 2016, FireEye warned that the frequency of attacks against critical infrastructure was increasing at an alarming rate: “Many of the cyber defenses used by critical infrastructure owners and operators to ward off attacks are outdated and ineffective. These systems remain highly vulnerable to hackers, who could gain control of nuclear plants, railways and any number of other vital systems.”
Fast forward to 2018. Homeland Security Today reported on the results of a survey of executives at critical infrastructure organizations; 57% of those surveyed believe they lack appropriate controls to protect their environments from security threats. Industrial organizations face incredible challenges and risks, with 35% of respondents saying they have little visibility into the current state of security within their operational technology (OT) environments.
Just last year, the United States Cybersecurity & Infrastructure Security Agency (CISA) warned of an intrusion that compromised government agencies and critical infrastructure, posing a “grave” risk to government and private networks. We know this as the SolarWinds hack.