The recent ransomware attack on Colonial Pipeline – a major part of the U.S. fuel network – has had a crippling impact on its operations, with the business halting the distribution of 2.5 million barrels of fuel per day over its 5,500 miles of pipe infrastructure. In more relatable terms, this equates to nearly half the fuel consumed on the East Coast of the U.S. It has already led to speculation that fuel prices could rise, and has forced lawmakers into passing emergency legislation so fuel can be transported by road.
Experts have long warned about the potential vulnerability of critical infrastructure and the serious impact of any successful attack, but the Colonial Pipeline breach has significantly raised the stakes. Equally concerning is that instead of a state-sponsored cyberattack aimed at causing politically motivated disruption, this incident seems to be financially motivated. As Wired puts it, “apparently profit-focused cybercriminal hackers have inflicted a disruption that military and intelligence agency hackers have never dared to.”
The risks are growing. As security expert Paddy McGuinness recently explained in The Telegraph, “Our major industries and privately run infrastructure are now on the front line. Their networks and systems at home must therefore be robust enough to protect us from cyber threats of hostile states and their organised crime partners.”
Part of the problem is that as the nature of critical infrastructure has become more diverse and dispersed, so too have the points of vulnerability. With even the smallest of devices connected to the Internet of Things (IoT), each has now become a potential gateway to the entire system of a power company, transport network or, in this case, a fuel distribution pipeline.
This latest incident also highlights how successful ransomware attacks expose the reactive security strategies of their victims. As Colonial Pipeline's media statements reveal, on discovering the attacks, the company took systems offline to contain the threat, called in leading third-party security experts and developed a system restart plan. While these are described as ‘proactive’ measures, the difficulty is that they are all steps taken after an attack has been uncovered.
Instead, critical infrastructure in general requires much more effective protection in a threat landscape that is becoming more sophisticated and complex, including the constant risk caused by infected files and documents. A proactive defence against ransomware, such as that provided by Glasswall Content Disarm and Reconstruction (CDR), instantly cleans and rebuilds files to match their known-good manufacturer’s spec – automatically removing potential threats. This simple approach ensures every document entering or leaving the organisation is safe, without sacrificing productivity.
“Successful cybersecurity attacks on both government and critical infrastructure continue to occur, and ransomware gangs clearly view any organisation as a potentially profitable target,” said Danny Lopez, CEO of Glasswall. “A big part of the problem is that too many security strategies still value recovery over resistance, and leaders need an urgent change of mindset if they are to defeat these hugely damaging incidents before they bring vital services to a standstill.”
How the Colonial Pipeline situation plays out remains to be seen. Will the company be able to quickly recover and restore normal operations, or will this incident signal a period of greater risk for critical infrastructure the world over?