What should organizations do to prepare for future cyber attacks like the one at Colonial Pipeline?
The Colonial Pipeline Cyber Attack
According to a press release, the Colonial Pipeline Company was the victim of a ransomware cybersecurity attack on May 7. Colonial Pipeline took certain systems offline to contain the threat, halting all pipeline operations and affecting some IT systems. As of May 10, they are still in the process of safely restoring these operations and have communicated a goal of “substantially restoring operational service by the end of the week.” The FBI confirmed that the attack came from a cybercriminal group known as DarkSide. According to unnamed sources in a Bloomberg article, the hackers actually began their attack against the company a day earlier, stealing a large amount of data before announcing themselves by locking computers with ransomware and demanding payment.
The Colonial Pipeline is responsible for transporting nearly half of the East Coast’s fuel supply from Texas to New Jersey, according to the company. As a result, fuel prices on the East Coast could rise if the shutdown is prolonged. To attempt to offset this, the United States government has issued an emergency waiver allowing drivers in 18 states to work extra or more flexible hours when transporting refined petroleum products.
How can critical infrastructure organizations prepare for future cyber attacks like this one?
Eric Goldstein, Executive Assistant Director for Cybersecurity for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), said “we encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”
How can organizations act upon this advice? Software like versiondog can help organizations in the oil and gas industry, as well as many others, save time and effort while securing IT and OT devices against cyber attack. How?
The DarkSide hackers attacking Colonial Pipeline stole data the day before demanding a ransom, according to a Bloomberg article. Other recent cyber attacks have taken a different approach. Hackers can simply make a small change to the code used in industrial control systems and dramatically affect production. Even a minor change to a PLC could create a major safety concern, deteriorate product quality, or cause unplanned downtime.
Organizations can safeguard against unauthorized changes by using change management software specifically designed for IT and OT devices. For example, versiondog compares the version running in your plant with the version stored on the server. If a change is detected, the appropriate users are immediately notified so they can take swift action to address the cybersecurity issue. Users can even set up honeypot scenarios to proactively detect and defend against cyber attacks.
Regular backups are critically important for fast and error-free recovery after a cyber attack like this one. versiondog simplifies day-to-day data management tasks like backups for a wide variety of devices like scanners, switches, PLCs, SCADA systems, and much more. This ensures that operators can quickly restore a recent error-free version.
Version Control and Comparisons
Can organizations quickly identify what exactly was changed during a cyber attack? With versiondog, users can graphically compare versions and view a full change history for each IT or OT device. This provides them with the ability to see who changed what, when, where, and why, so that they can confidently restore an error-free version after a cyber attack.
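The comparison of a running version against the stored version, and the view of exactly what changed, can be illustrated with a short added example. It is not versiondog's code or method; the block names and contents are constructed sample data, and `compare_snapshots` and `has_drift` are hypothetical helper names.

```python
import difflib
import hashlib

# Constructed sample data (not from a real plant): block name -> exported source.
SERVER_BASELINE = {
    "OB1_Main.st": b"CALL FC10_PumpCtl;\n",
    "FC10_PumpCtl.st": b"IF pressure > 850 THEN\n  pump_run := FALSE;\nEND_IF;\n",
}
DEVICE_UPLOAD = {
    "OB1_Main.st": b"CALL FC10_PumpCtl;\n",
    "FC10_PumpCtl.st": b"IF pressure > 1850 THEN\n  pump_run := FALSE;\nEND_IF;\n",
    "FC99_Unknown.st": b"pump_run := TRUE;\n",
}

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def compare_snapshots(baseline: dict, running: dict) -> dict:
    """Compare the stored baseline with what was read back from the device.

    Returns block names that were added or removed, plus a unified diff
    for every block whose SHA-256 digest no longer matches the baseline.
    """
    report = {"added": [], "removed": [], "modified": {}}
    for name in sorted(set(baseline) | set(running)):
        if name not in baseline:
            report["added"].append(name)
        elif name not in running:
            report["removed"].append(name)
        elif sha256(baseline[name]) != sha256(running[name]):
            # Undecodable bytes are replaced so binary blocks still yield a diff.
            old = baseline[name].decode("utf-8", "replace").splitlines()
            new = running[name].decode("utf-8", "replace").splitlines()
            report["modified"][name] = list(difflib.unified_diff(
                old, new, "server/" + name, "device/" + name, lineterm=""))
    return report

def has_drift(report: dict) -> bool:
    """True when the device no longer matches the stored version."""
    return bool(report["added"] or report["removed"] or report["modified"])

if __name__ == "__main__":
    result = compare_snapshots(SERVER_BASELINE, DEVICE_UPLOAD)
    if has_drift(result):
        print("ALERT: device differs from stored version")
        print("added:", result["added"], "removed:", result["removed"])
        for name, diff in result["modified"].items():
            print("\n".join(diff))
```

In the sample, a single changed threshold and one unexpected block are enough to raise the alert, which is the kind of minor PLC change described above.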
Detect Risks and Vulnerabilities
Can critical infrastructure organizations identify where they are truly vulnerable to a cyber attack? A tool like the Asset Inventory Service ensures that organizations are aware of the risks and vulnerabilities at all times. Proactively strengthen your IT and OT by automatically gathering detailed asset information, for example, which devices are running on an outdated Windows OS and could be easy targets.