Cyber Attack at Colonial Pipeline

What should organizations do to prepare for future cyber attacks like the one at Colonial Pipeline?

The Colonial Pipeline Cyber Attack

According to a press release, the Colonial Pipeline Company was the victim of a ransomware cybersecurity attack on May 7. Colonial Pipeline took certain systems offline to contain the threat, halting all pipeline operations and affecting some IT systems. As of May 10, they are still in the process of safely restoring these operations and have communicated a goal of “substantially restoring operational service by the end of the week.” The FBI confirmed that the attack came from a cybercriminal group known as DarkSide. According to unnamed sources in a Bloomberg article, the hackers actually began their attack against the company a day earlier, stealing a large amount of data before announcing themselves by locking computers with ransomware and demanding payment.

The Colonial Pipeline is responsible for transporting nearly half of the East Coast’s fuel supply from Texas to New Jersey, according to the company. As a result, fuel prices on the East Coast could rise if the shutdown is prolonged. To attempt to offset this, the United States government has issued an emergency waiver allowing drivers in 18 states to work extra or more flexible hours when transporting refined petroleum products.

Cyber attacks on critical infrastructure like the one on Colonial Pipeline are no longer as rare as they once were. There is an increasing number of threats to utilities and other critical infrastructure sectors. In February, a Florida water treatment plant was the victim of an ICS cyber attack.

How can critical infrastructure organizations prepare for future cyber attacks like this one?

Eric Goldstein, Executive Assistant Director for Cybersecurity for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), said “we encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”

How can organizations act upon this advice? Software like versiondog can help organizations in the oil and gas industry, as well as many others, save time and effort while securing IT and OT devices against cyber attack. How?

Change Detection

The DarkSide hackers attacking Colonial Pipeline stole data the day before demanding a ransom, according to a Bloomberg article. Other recent cyber attacks have taken a different approach. Hackers can simply make a small change to the code used in industrial control systems and dramatically affect production. Even a minor change to a PLC could create a major safety concern, deteriorate product quality, or cause unplanned downtime.

Organizations can safeguard against unauthorized changes by using change management software specifically designed for IT and OT devices. For example, versiondog compares the version running in your plant with the version stored on the server. If a change is detected, the appropriate users are immediately notified to take swift action to address the cybersecurity issue. Users can even set up honeypot scenarios to proactively detect and defend against cyber attacks.
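The comparison of the running version against the stored version can be sketched as follows. This is an added example, not versiondog's own code (the page does not describe its implementation); the block names, block contents and the device name PLC-07 are constructed for illustration.

```python
import hashlib

def digest(data: bytes) -> str:
    """SHA-256 fingerprint of one program block."""
    return hashlib.sha256(data).hexdigest()

def build_baseline(blocks: dict[str, bytes]) -> dict[str, str]:
    """Approved version as stored on the server: block name -> digest."""
    return {name: digest(data) for name, data in blocks.items()}

def detect_changes(baseline: dict[str, str],
                   running: dict[str, bytes]) -> dict[str, list[str]]:
    """Compare blocks read back from the device with the approved baseline."""
    report = {"modified": [], "missing": [], "unexpected": []}
    for name, expected in baseline.items():
        if name not in running:
            report["missing"].append(name)       # block deleted on the device
        elif digest(running[name]) != expected:
            report["modified"].append(name)      # contents differ from approved
    # Blocks on the device that were never approved are findings too.
    report["unexpected"] = [n for n in running if n not in baseline]
    for names in report.values():
        names.sort()
    return report

def alerts(device: str, report: dict[str, list[str]]) -> list[str]:
    """One notification line per finding, for the responsible users."""
    return [f"{device}: block {name} {kind}"
            for kind, names in report.items() for name in names]

# Constructed sample data: approved program versus a read-back from the plant.
APPROVED = {
    "OB1": b"call FC10\ncall FC20\n",
    "FC10": b"setpoint_psi=750\n",
    "FC20": b"alarm_on_overpressure=true\n",
}
READBACK = {
    "OB1": b"call FC10\ncall FC20\n",
    "FC10": b"setpoint_psi=950\n",   # small, unauthorized setpoint change
    "FC99": b"unknown logic\n",      # block that was never approved
}                                    # FC20 (the alarm block) is gone

if __name__ == "__main__":
    for line in alerts("PLC-07", detect_changes(build_baseline(APPROVED), READBACK)):
        print(line)
```

Checking for missing and unexpected blocks matters as much as checking for modified ones: a removed alarm routine or an added block leaves every remaining approved block byte-identical.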

Automatic Backups

Regular backups are critically important for fast and error-free recovery after a cyber attack like this one. versiondog simplifies day-to-day data management tasks such as backups for a wide variety of devices, including scanners, switches, PLCs, SCADA systems, and much more. This ensures that operators can quickly restore a recent error-free version.

Version Control and Comparisons

Can organizations quickly identify what exactly was changed during a cyber attack? With versiondog, users can graphically compare versions and view a full change history for each IT or OT device. This provides them with the ability to see who changed what, when, where, and why, so that they can confidently restore an error-free version after a cyber attack.

Detect Risks and Vulnerabilities

Can critical infrastructure organizations identify where they are truly vulnerable to a cyber attack? A tool like the Asset Inventory Service ensures that organizations are aware of the risks and vulnerabilities at all times. Proactively strengthen your IT and OT by automatically gathering detailed asset information. For example, this can reveal devices running an outdated Windows OS that could be easy targets.

Try versiondog Today

Download a 30-day free trial of versiondog or schedule a demo with our team today.
