Key Takeaway from the Colonial Pipeline Attack


Every time I hear about a new cyber-attack, I ask myself: “Is this a new attack vector? A new vulnerability? A new creative tactic?” The answer is almost invariably no. Attack after attack, threat intelligence reports describe well known tactics that have been carried out numerous times in the past. I breathe a sigh of relief and remember Churchill’s famous World War II motto: “Be calm and carry on!”


The attack reported on May 7th on the Colonial Pipeline is no exception. The Colonial Pipeline is the largest pipeline system in the United States, carrying over 3 million barrels of refined oil products per day between Texas and New York. It is critical infrastructure supplying almost 50% of the gasoline and jet fuel used by numerous industries and 50 million people on the East Coast. These critical infrastructures must be secured!

What happened?

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) confirmed that DarkSide, a Russian cybercriminal hacking group that targets victims using ransomware and extortion, was behind the Colonial Pipeline attack. They succeeded in gaining access to the company’s enterprise network and deploying the DarkSide ransomware to seize IT systems. It seems the attack did not spread to Colonial’s industrial network, as the company wisely disconnected OT systems to ensure the safety of its industrial operations.

After paying a $4.4 million ransom and spending a long week restoring backups, Colonial was able to resume operations. Subsequently, fuel shortages began to occur across several airports, such as Charlotte Douglas International, where airlines had to change flight schedules. Filling stations in several states also ran out of fuel amid panic buying. Average fuel prices rose to their highest since 2014, and President Joe Biden declared a state of emergency to allow additional transport of fuel by road to alleviate shortages.

OT and IT networks have converged

Many reporters describe this attack as one of the most critical in the country’s history. This is certainly true considering the impact it had on the physical world, although it only targeted IT systems. Industrial and enterprise networks have converged. They are now so well connected to each other that an attack on either one will disrupt the other, causing numerous cascading effects.

Yet, many industrial organizations still operate based on the assumption that the airgap they created to isolate industrial operations from the enterprise network will suffice. The Colonial Pipeline attack is another alarm bell for the industry, stressing the fact that protecting the physical world from cyber-attacks requires a strong IT security practice as well as specific OT security measures. Organizations have started to build holistic security strategies, managing IT and OT security as a whole and not as two separate silos.


How can you secure it?

Here are a few measures that industrial organizations should implement to start converging their IT and OT security practices:

1. Protect computer systems against malware. Almost every cyber-attack starts with a malware intrusion or an attempt to drive users to compromised websites to steal credentials or infect their systems. Solutions such as Cisco Secure Endpoint (formerly AMP for Endpoints) detect attempts to infect a computer, trap watering hole websites, stop access and raise alerts. Powered by threat intelligence from Cisco Talos, it is always up to date to detect the latest threats.

2. Secure emails to block suspicious messages. Spear phishing email campaigns are generally how bad actors get malware in place or lure employees into connecting to malicious web sites. Solutions such as Cisco Secure Email will get you protected so you don’t have to pray that employees won’t open malicious files or click on suspicious links in an email.

3. Enforce security at the DNS layer. Attacks are controlled via the internet. Cisco Umbrella analyses DNS queries to block requests to malicious domains, suspicious files or direct IP connections from command-and-control callbacks. Fully delivered from the cloud, this SASE approach to OT security is ideal for protecting distributed industrial assets.

4. Implement multi-factor authentication (MFA). Cybercriminal groups such as DarkSide rely on weak passwords to gain access to an organization’s network and critical systems. Solutions such as Cisco Duo enable Zero Trust access to applications and network entry points so stolen or compromised credentials are no longer a threat.

5. Isolate your OT and IT networks. Building an industrial DMZ is the mandatory first step to prevent malicious activities from reaching industrial control systems. Cisco Secure Firewalls are critical to blocking malware intrusions and stopping an infection from spreading, and they can be configured with policies that only allow the communications that are really needed to run operations.

6. Implement robust network segmentation. Enforcing ISA/IEC 62443 zones and conduits to isolate industrial zones from each other further solidifies your security posture. Industrial firewalls such as Cisco Secure Firewall ISA3000 physically prevent lateral movement between industrial network segments. Cisco Identity Services Engine (ISE) can also be used to implement micro-segmentation within the OT network, leveraging Cisco Catalyst Industrial Ethernet switches.

7. Inventory and monitor the industrial network. Gaining visibility into your industrial control systems is key to ensuring all assets are protected. Cisco Cyber Vision automates the discovery process at scale so you can implement OT security best practices. It also monitors industrial communications to detect abnormal behaviors and raise alerts.

8. Investigate and manage security events across both IT and OT domains. Because IT and OT networks have converged, threat investigations and remediations must converge too. Cisco SecureX empowers your security teams with a single console that aggregates threat intelligence and data from multiple security technologies (Cisco and others), making investigation and remediation fast, simple, and highly effective.

9. Test your defense, your recovery process, and train your teams. Don’t be caught by surprise. Have backups ready. Engage an IT and OT incident response team such as Cisco Talos to develop customized playbooks and test your defense through table-top exercises so that your security teams are ready when a crisis occurs.
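Measures 5 and 6 above come down to one rule: the only traffic that crosses a zone boundary is what a defined conduit permits, and IT never reaches OT except through the industrial DMZ. The following is an added example (not Cisco code, and not part of the original post) that models that allow-list over a hypothetical three-tier layout and audits constructed flow records, flagging IT-to-OT traffic that bypasses the DMZ and lateral movement between cells; the zone addresses, conduits and sample flows are all assumptions made up for the illustration.

```python
import ipaddress

# Hypothetical ISA/IEC 62443 zone layout (constructed for this example).
ZONES = {
    "enterprise": ipaddress.ip_network("10.1.0.0/16"),
    "idmz": ipaddress.ip_network("10.2.0.0/24"),
    "ot_cell_a": ipaddress.ip_network("192.168.10.0/24"),
    "ot_cell_b": ipaddress.ip_network("192.168.20.0/24"),
}

# Conduits: the only (source zone, destination zone, destination port) triples
# needed to run operations. Anything not listed here is denied, so the
# enterprise zone can reach the DMZ but never a cell directly, and cells
# cannot talk to each other.
CONDUITS = {
    ("enterprise", "idmz", 443),   # users reach the DMZ historian front-end
    ("idmz", "ot_cell_a", 502),    # DMZ data collector polls cell A over Modbus/TCP
    ("idmz", "ot_cell_b", 502),    # same for cell B
}

def zone_of(ip):
    """Map an address to its zone name, or 'unknown' if it is in no zone."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), "unknown")

def evaluate_flow(src, dst, port):
    """Return (verdict, reason) for one flow against the conduit allow-list."""
    s, d = zone_of(src), zone_of(dst)
    if s == d:
        return "allow", f"intra-zone traffic in {s}"
    if (s, d, port) in CONDUITS:
        return "allow", f"conduit {s}->{d}:{port}"
    if s.startswith("ot_") and d.startswith("ot_"):
        return "deny", f"lateral movement between cells {s}->{d}"
    if s == "enterprise" and d.startswith("ot_"):
        return "deny", "IT reaching OT without passing through the industrial DMZ"
    return "deny", f"no conduit for {s}->{d}:{port}"

def audit(flows):
    """Evaluate (src, dst, dst_port) records and return the denied ones with reasons."""
    denied = []
    for src, dst, port in flows:
        verdict, reason = evaluate_flow(src, dst, port)
        if verdict == "deny":
            denied.append((src, dst, port, reason))
    return denied

# Constructed sample flows, in the shape a firewall or OT monitor might export.
SAMPLE_FLOWS = [
    ("10.1.5.20", "10.2.0.10", 443),        # enterprise -> DMZ: allowed
    ("10.2.0.10", "192.168.10.5", 502),     # DMZ collector -> cell A PLC: allowed
    ("10.1.5.20", "192.168.10.5", 3389),    # workstation straight to a PLC network: denied
    ("192.168.10.5", "192.168.20.7", 445),  # SMB between two cells: denied
]
```

Running `audit(SAMPLE_FLOWS)` returns the two denied flows with their reasons; in practice the same check would be fed by the firewall's connection log or Cyber Vision flow export rather than a hard-coded list.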

This might sound like a daunting list, but not everything has to be deployed overnight. A global, pre-integrated solution makes it much easier to deploy and operate while offering unmatched features. Security is a journey where new capabilities are added depending on your priorities and the events you fear the most. Cisco has designed a reference architecture that will help you phase your project. Read more about it here.


What about you? How mature is your organization’s OT Security practice? Take the test and see what you should do next! To learn more about how you can secure your IoT/OT infrastructure, visit our IoT Security page or contact us. To get the latest industry news on IoT Security delivered straight to your inbox, subscribe to the Cisco IoT Security Newsletter.

Additional reading:


See Pipeline Security Tunnel Vision Blog

Harold Botello Maya

Harold Botello Maya started working for Korean News Feeds in 2019. Harold grew up in a small town in northern Texas, but moved to New York for university. Before joining Korean News Feeds, Harold briefly worked as an independent journalist for several news sites. He covers politics and economy stories.
