
Humans and Machines Special Segment: Colonial Pipeline Cybersecurity Attack


The recent attack on the Colonial Pipeline has shed new light on security concerns relating to operational technology (OT) breaches, especially in supply chain applications. Initially, breaches of OT devices may not seem catastrophic, but this recent attack halted pipeline activity, restricting oil flow to the East Coast of the USA, and caused panic to the point that people attempted to fill plastic bags with gas in an effort to hoard it. Historically, the Colonial Pipeline has provided 45% of the East Coast's oil. This breach is attributed to "DarkSide," a ransomware group located in Russia.

In this "Humans and Machines Podcast" special segment, Mario Daigle has a conversation with Chris Anderson about the recent Colonial Pipeline attack and its immediate consequences. Chris, a business and IT risk and cyber security professional and an Advisor at Welch LLP, gives his candid take on how to prepare for future attacks on networks containing OT devices, and what businesses can do to prepare for similar attacks in the future.

Chris mentions that the Colonial Pipeline attack and the SolarWinds breach may both motivate governments and citizens to put more emphasis on investing in infrastructure security. Often, society's infrastructure updates do not keep pace with growing populations and needed repairs. Many people understand these issues, but many do not realize that OT security is an essential part of keeping infrastructure current.

How does this affect your business? Chris says that this really depends upon your business and your dependency on OT. To determine your organization's vulnerability, each company should evaluate its dependency on IoT and the OT security in place. If you have OT devices connected to the internet, then you might have a vulnerability that could be exploited. The next question each organization needs to consider is whether its OT devices have current security software updates or are behind on new release versions. Keeping current on new versions and security patches will ensure that known vulnerabilities are closed to hackers.

After this podcast was recorded, it was reported that the decision was made to pay the ransom to the hackers, to the tune of about $5 million, which sets a difficult precedent for future hacks. Should corporations pay ransoms in the future, or was paying the Colonial Pipeline ransom a one-time event? Either way, protecting and securing OT needs to be a point of focus for security going forward to ensure that attacks like these are minimized. It is no coincidence that ArcSight's recently announced partnership with Dragos is positioned to secure OT devices in the future. The newly announced integration provides comprehensive visualization for OT/IoT/IIoT assets and anomalies, and helps to rapidly identify, pinpoint, investigate, and respond to threats.

Check out the full interview and Chris' article linked below!

Chris Anderson's article: Colonial Pipeline Ransomware Incident – What can we learn?

View podcast special segment:
