The Colonial Pipeline cyberattack exploded into our lives on Friday, May 7th, shutting down for six days the pipeline that supplies nearly half of the gasoline and diesel for the East Coast (primarily the Southeast) of the United States. The hack wreaked havoc and panicked buyers, setting off a tidal wave of gas hoarding across the U.S. As a former Florida native, I got panicked calls from friends and family: “What is happening?” they asked. “What exactly does this mean?” they demanded to know. With eerie timing, a few days after the Colonial Pipeline hack, U.S. President Biden released an Executive Order to strengthen the government’s cybersecurity infrastructure, leaving the average American shaken and forced to focus on something that is often overlooked and ignored. Cyber basics, like password authentication, get an eye roll and a sigh. Cybersecurity is seen as an annoyance, not a requirement. Until now.
This week’s Reimagining Cyber episode, “Colonial Pipeline fuels the fire: not the first, not the last, and how to protect for the future,” with Brett Thorson, Principal at Platinion, the cybersecurity arm of Boston Consulting Group (BCG), went into a deep dive on the Colonial Pipeline attack and how to prepare for future attacks. He also explains the attack in layman’s terms, likening it to living in an apartment building and watching for suspicious characters.
“It [The Colonial Pipeline] brought it [cyber attacks] to everyone's attention. You can now relate it to different things. So, let's take home security like you drive into your neighborhood or your apartment building, and maybe you have a fence around it, right? You can look and visually see ‘Is that fence intact?’ or you can see ‘Is there a stranger standing on the corner with a clipboard?’” he says. People drive to and fro from the building throughout the day, making the “security” physically easy to see.
“The corollary to cybersecurity is when you drive up to the building, you have no idea if the firewall has been accidentally configured to cross two VLANs and completely bypass it. There is no way of knowing that. That's why you need constant testing. That's why you need to have the Neighborhood Watch, if you will,” he continues. “You need to have a specialized company come in with specialized skills and tools, and poke holes and try to test everything.” The key, Thorson says, is to have a plan.
“Hackers run wild,” he says. “You don't know when it's going to happen - or if it could happen.”
Thorson recommends running frequent tabletop exercises within your organization to find possible weak spots in your cyber strategy and prepare for hackers. During these exercises, he starts at the Board level, working his way down the chain, through the C-levels (purposely leaving out the CEO), to tactical managers (leaders of communications, legal, HR, etc.), down to the people actually testing SOC and C-certifications. When doing these exercises, it’s important to consider the following things:
- Do you have all of the data you need to make decisions? How can you make decisions with imperfect or incomplete data?
- Do you have an escalation path?
- Do you know who your cyber insurer is?
- What is your response at the front line manager level if there is an attack/hack?
- What does your communication chain look like if there is an attack?
“The people who manage the switches in the offices are going to be different than the people who manage the IT healthcare infrastructure. So, you usually have to deal with them separately or differently. But at the same time, you’ve got to make sure that these people are talking back and forth to each other. For OT, you just have to be really sensitive to the sensitivities of the organization,” he cautions.
“You don't want to cause loss of life, you don't want to cause injury, harm, etc. And maybe just a little bit of internal embarrassment, if you will, like we like to say we go in there and we cause just enough chaos to make people sweat, but not enough to throw their hands up and say, ‘Well, this is impossible!’ because there will always be a better hack or a better attack or a better vulnerability or something.”
Three key takeaways* I got from this podcast were:
- Prepare for the worst while hoping for the best
- Control what you can
- Keep the lines of communication open
*I also appreciate the layman’s explanation of cybersecurity hacks, so I can now explain it to my non-tech savvy family and friends.
Listen to the full recording of this podcast, “Colonial Pipeline fuels the fire: not the first, not the last, and how to protect for the future.”
CyberRes is a Micro Focus line of business focused on helping companies protect, detect, and evolve their security framework and helping organizations become more cyber resilient. To learn more, visit CyberRes.com and CyberResilient.com.