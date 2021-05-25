Colonial Pipeline Shutdown Affirms Need for Better OT Cybersecurity Practices

Aliha Tanveer

When it comes to cyberattacks, everyone is at risk. Cybercriminals prey on anyone who uses the internet, and organizations of every size are targets, whether government agencies, private individuals, large corporations, or small businesses.

Let’s look at some figures.

A new cyberattack occurs somewhere on the internet every 39 seconds, and around 30,000 websites are hacked every day. Ransomware incidents grew by 150% in 2020.

In the same year, 6 out of 10 attacks were aimed at extorting money from individuals and organizations. About 6.4 billion fake emails are sent every day worldwide. 20 million breached records were reported in March 2021 alone, and roughly 24,000 malicious mobile applications are blocked every day.

These numbers keep climbing, which shows that attackers are always looking for the next vulnerable system to break into. They also make it clear that it is high time for technology companies and businesses alike to strengthen their security practices.

Recently, it was reported that:

“On Sunday, the government of the United States proclaimed a regional emergency as the US’s largest fuel pipeline system remained shut down for two days after it was hit by a ransomware cyberattack.”

Colonial Pipeline Hit by a Ransomware Cyberattack

On Sunday, the United States government declared a regional emergency in response to the Colonial Pipeline cyberattack. The pipeline carries 45% of the East Coast’s supply of petrol, diesel, and jet fuel, about 2.5 million barrels per day.

Operators shut down the Colonial pipeline on Friday after discovering the attack and have been working continuously since to restore service. The gang also took approximately 100 gigabytes of data hostage, threatening to leak it online.

On Monday the FBI officially confirmed that DarkSide was responsible for the disruption of the Colonial Pipeline network, and said it was continuing to work with the company and other government agencies on the investigation.

On Monday, US President Joe Biden said during a speech at the White House:

“I was personally briefed about the situation of the pipeline every single day. The agencies across the government have reacted immediately to alleviate any influence on our fuel supply. We are ready to take additional steps depending upon how soon the company is capable of bringing the pipeline back into operation.”

Numerous security researchers have suggested that the attackers could be Russian, because the malware checks the system language and does not encrypt machines whose language is set to Russian. Biden also said that the US government is very concerned about the issue and that he plans to meet President Putin soon.

How The Attack Took Place

According to Digital Shadows, the COVID-19 pandemic made the Colonial attack easier: during the pandemic a large number of engineers were remotely accessing the pipeline’s control systems.

James Chappell, co-founder of Digital Shadows, believes DarkSide may have obtained login credentials for remote desktop software such as Microsoft Remote Desktop or TeamViewer.

Mr. Chappell said,

“Anyone can find these login portals on internet-connected computers through search engines such as Shodan, and then hackers just keep trying different user credentials, i.e. usernames and passwords, until something works in their favor. We are currently seeing a lot of victims now, which is a big problem for the global economy.”

Digital Shadows’ research also suggests that the gang is based in a Russian-speaking country, since it avoids attacking companies located in post-Soviet states: Uzbekistan, Tajikistan, Turkmenistan, Kyrgyzstan, Kazakhstan, Azerbaijan, Moldova, Armenia, Georgia, Belarus, Ukraine, and Russia.
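The attack path Chappell describes, an internet-exposed remote-desktop login being hammered with username and password guesses until one works, leaves a distinctive trail in authentication logs: a burst of failed logons from one source IP across several accounts, then a success from the same IP. As an added example (not code from the original article, from Digital Shadows, or from Colonial Pipeline), the following Python detects that pattern over a constructed export of Windows logon events. The five-field line layout, the IP addresses, and the account names are assumptions made for illustration.

```python
"""Detect credential guessing against an internet-exposed remote-desktop service.

Added example, not code from the original article, from Digital Shadows, or
from Colonial Pipeline. It assumes Windows security events exported as one
line per event with five space-separated fields: timestamp, event ID
(4625 = failed logon, 4624 = successful logon), logon type (10 = RDP /
RemoteInteractive), account name, source IP. The field layout and the sample
lines below are constructed for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one source tries five accounts in under a minute and then
# logs in as jsmith; a legitimate user mistypes once; a type-3 (network) event
# from another host is ignored because only RDP logons are watched here.
SAMPLE_LOG = """\
2021-05-07T01:00:05Z 4625 10 administrator 203.0.113.7
2021-05-07T01:00:09Z 4625 10 admin 203.0.113.7
2021-05-07T01:00:14Z 4625 10 operator 203.0.113.7
2021-05-07T01:00:20Z 4625 10 scada 203.0.113.7
2021-05-07T01:00:27Z 4625 10 jsmith 203.0.113.7
2021-05-07T01:00:31Z 4625 10 jsmith 203.0.113.7
2021-05-07T01:00:44Z 4624 10 jsmith 203.0.113.7
2021-05-07T01:03:10Z 4625 10 mlee 198.51.100.20
2021-05-07T01:03:25Z 4624 10 mlee 198.51.100.20
2021-05-07T02:30:00Z 4625 3 svc_backup 192.0.2.9
"""

FAILED_LOGON = 4625
SUCCESS_LOGON = 4624
RDP_LOGON_TYPE = 10


def parse_events(text):
    """Parse the five-field lines into (timestamp, event_id, logon_type, user, ip)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, user, ip = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       int(event_id), int(logon_type), user, ip))
    return events


def detect_credential_guessing(events, threshold=5, window=timedelta(minutes=10)):
    """Flag source IPs with >= threshold failed RDP logons inside a sliding window.

    Returns {ip: {"failures": peak failures seen in one window,
                  "accounts_tried": sorted account names attempted,
                  "succeeded_as": accounts the same IP later logged in with}}.
    A success after a flagged burst is the signal to isolate the host and
    reset the account, not merely to block the IP.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    tried = defaultdict(set)      # ip -> account names attempted
    alerts = {}
    for ts, event_id, logon_type, user, ip in sorted(events):
        if logon_type != RDP_LOGON_TYPE:
            continue
        if event_id == FAILED_LOGON:
            bucket = recent[ip]
            bucket.append(ts)
            tried[ip].add(user)
            while bucket and ts - bucket[0] > window:   # expire old failures
                bucket.popleft()
            if len(bucket) >= threshold:
                alert = alerts.setdefault(
                    ip, {"failures": 0, "accounts_tried": [], "succeeded_as": []})
                alert["failures"] = max(alert["failures"], len(bucket))
                alert["accounts_tried"] = sorted(tried[ip])
        elif event_id == SUCCESS_LOGON and ip in alerts:
            alerts[ip]["succeeded_as"].append(user)
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_credential_guessing(parse_events(SAMPLE_LOG)).items():
        print(ip, alert)
```

The sliding window is what separates a guessing campaign from ordinary typos: the legitimate user who fails once never reaches the threshold, while the attacker’s burst does, and the later success from the flagged IP is the line that should page someone. A slow attacker who spreads the same attempts over hours will slip under a ten-minute window, so in practice this check is paired with a longer-horizon count per source and, better still, with not exposing the login portal to the internet at all.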

Impact on Fuel Prices

The American Automobile Association (AAA) said on Monday that US fuel prices at the pump were up 6 cents per gallon on the week, to $2.967 per gallon for regular unleaded gasoline, and that prices were heading towards one of their highest levels since 2014. Wall Street shares in US energy firms rose 1.5%.

On Sunday the US government relaxed rules on transporting fuel by road to minimize supply disruption, allowing drivers in 18 states to work more flexible hours while carrying refined petroleum products. However, there are problems that could still prolong the Colonial pipeline shutdown.

Gaurav Sharma, an independent oil market analyst, said that a large volume of fuel was stranded at Texas refineries and that the problem had to be resolved by Tuesday or serious trouble could follow, with Atlanta, Tennessee, and New York among the areas likely to be affected. Oil futures traders are now scrambling to meet fuel demand at a time when US inventories are declining.

My Opinion

Shutting down Colonial Pipeline’s operations suggests that the company had little confidence in its existing security environment, its operating security systems, and its overall posture. I believe the shutdown happened because of a lack of visibility into the security status of its operational technology (OT) systems; better visibility into the current state of those systems would also speed up the restart.

Industrial organizations must also segment networks and functions more carefully so that an incident on the business side does not force a shutdown of operational systems. They need well-designed architectures and must know in advance how to respond to particular scenarios.

They must have real-time visibility so that they can react immediately if someone begins to affect network operations in a particular geographic area. That visibility helps them detect where else they may be vulnerable and isolate the affected systems as quickly as possible.
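Segmentation and visibility come together in one routine check: define which zones are allowed to talk to which, then audit the flows actually observed against that policy so that a forbidden path (an IT workstation reaching a controller directly, or an internet address reaching OT at all) is spotted and the affected hosts are isolated. The following Python is an added example, not code from the original article or from Colonial Pipeline; the zone ranges, the allow-list, and the sample flow records are constructed to illustrate a Purdue-style design in which corporate IT reaches the OT control network only through a dedicated jump host.

```python
"""Audit observed network flows against an IT/OT segmentation policy.

Added example, not code from the original article or from Colonial Pipeline.
The zones, the allow-list and the sample flow records are constructed to
illustrate a Purdue-style design: corporate IT reaches the OT control network
only through a dedicated jump host, and nothing from the internet or the IT
network may talk to OT directly. Anything not explicitly allowed is a
violation to investigate and, if confirmed, a host to isolate.
"""
import ipaddress

# Zone definitions (constructed). The most specific prefix wins, so a jump
# host carved out of the corporate range is still classified as a jump host.
ZONES = {
    "corporate_it": ipaddress.ip_network("10.10.0.0/16"),
    "jump_host": ipaddress.ip_network("10.10.250.10/32"),   # lives inside corporate_it
    "ot_control": ipaddress.ip_network("10.30.0.0/16"),
}

# Permitted (source zone, destination zone, destination port); all else denied.
ALLOWED_FLOWS = {
    ("corporate_it", "jump_host", 3389),   # RDP to the jump host only
    ("jump_host", "ot_control", 502),      # Modbus/TCP from the jump host to PLCs
    ("jump_host", "ot_control", 3389),     # RDP from the jump host to OT workstations
}

# Constructed flow records: (src_ip, dst_ip, dst_port).
SAMPLE_FLOWS = [
    ("10.10.5.23", "10.10.250.10", 3389),   # IT user -> jump host: allowed
    ("10.10.250.10", "10.30.1.5", 502),     # jump host -> PLC: allowed
    ("10.10.5.23", "10.30.1.5", 502),       # IT user straight to a PLC: violation
    ("203.0.113.7", "10.30.1.5", 3389),     # internet -> OT RDP: violation
    ("10.30.1.5", "10.10.5.23", 445),       # OT -> IT SMB (lateral movement): violation
]


def zone_of(ip):
    """Return the most specific zone containing ip, or 'external' if none does."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, name) for name, net in ZONES.items() if addr in net]
    return max(matches)[1] if matches else "external"


def audit_flows(flows, allowed=ALLOWED_FLOWS):
    """Return the flows the segmentation policy does not permit.

    Each violation is (src_ip, src_zone, dst_ip, dst_zone, dst_port).
    """
    violations = []
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if (src_zone, dst_zone, port) not in allowed:
            violations.append((src, src_zone, dst, dst_zone, port))
    return violations


def hosts_to_isolate(violations):
    """OT hosts that received a forbidden flow: candidates for immediate isolation."""
    return sorted({dst for _, _, dst, dst_zone, _ in violations if dst_zone == "ot_control"})


if __name__ == "__main__":
    found = audit_flows(SAMPLE_FLOWS)
    for v in found:
        print("VIOLATION", v)
    print("isolate:", hosts_to_isolate(found))
```

The policy is an allow-list rather than a block-list on purpose: a flow that nobody wrote down is a violation by default, which is the property that keeps a compromise of the business network from reaching controllers. Running the same audit continuously over flow records from the zone boundaries is the real-time visibility the paragraph above calls for; the output is not just a list of bad flows but the specific OT hosts to cut off first.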

Another point for organizations to consider is governance policy covering ransomware incidents: preparing for the consequences of a cyberattack by lining up effective and efficient communication strategies, and developing sound plans for managing such attacks.

Finally, industrial organizations must work with federal partners to stay a step ahead of cybercriminals. The private sector must coordinate with the federal government to prevent such attacks, or to respond appropriately when they do happen.

Aliha Tanveer

