A cyber-attack has recently crippled the largest oil pipeline in the United States for almost a week and forced the President to declare a state of emergency.
It was a ‘ransomware attack’, in which the attacker demands a ransom payment in exchange for removing a block on the attacked firm’s systems and data.
More specifically, ransomware is malicious code that infects various types of devices and is capable of spreading through corporate networks. It encrypts files to make machines unusable.
Until now, industrial devices have always been isolated, which means that industrial process control devices were not connected to the internet. Their networks were totally in the dark and there was no need to take much care of their cybersecurity. But now things have changed.
Companies work and produce in the new era of the Internet of Things (IoT), keeping their devices connected to the network to allow streamlined and more efficient processing. At a security level, this is a problem, as the connection to the internet makes those devices susceptible to attack from anywhere in the world.
The most critical industries
Water plants are, along with the gas and pharmaceutical industries, some of the critical sectors most vulnerable to cyber-attacks involving industrial IoT devices.
A cyber-attack on these sectors can have consequences not only for the company but for the whole population, and that is precisely what makes them more attractive to cybercriminals. The greater the threat, the greater the profit for them.
For example, in the pharmaceutical industry, if one of the pieces of equipment is attacked, production can come to a standstill. Imagine if that were to happen with the development of coronavirus vaccines.
What can we learn from the Colonial Pipeline cyber-attack?
Experts warn us that there have been a lot of threats with the Internet of Things as more things go on the network. What was classically IT, or information technology, and what was classically OT, or operations technology (control systems, power plants or pipelines), were typically separated. They have now converged through the Internet of Things, which means a massively interconnected infrastructure. These are all part of the same emerging threat, where the systems that physically control pieces of critical infrastructure are exposed to cyber threats.
We saw it coming in the sense that it is inevitable that these things are going to happen. There are many ways for the attack to come in. For example, in many cases, ransomware gets in through business email: somebody maybe clicked on a phishing email, and that’s how the malware gets into these critical infrastructures.
You could also have vulnerable components that are exposed and hacked from outside without your knowing it.
This Colonial Pipeline incident shows us that the critical infrastructures that touch our physical everyday life, not just the internet, are also vulnerable.
How do we keep this from happening?
We can do things like blocking some of these attacks proactively at the network layer, or using, as much as we can, better security tools such as antivirus, network firewalls or network intrusion detection systems.
Those are all part of your defence-in-depth strategy to detect and see if something has gone wrong.
You also need to have a recovery mechanism in place. You assume that things will go wrong. The question is, how quickly can you recover from it?
So, we can certainly be better on detection, but at some point, you also need to have a recovery strategy. Do you have backups? Do you have a way of rebooting the systems? Do you have a way of finding what else was compromised, so you can take it off the network?
If the answers are no, then you need to put a recovery plan in place.
At ProjectBinder we are experts in keeping your network safe, so contact us and we will advise you on the best strategy to improve your network security.