Post-Colonial Pipeline Attack: U.S. Cybersecurity Policy Shift

Posted by Marbenz Antonio on August 1, 2022

The Colonial Pipeline cyber attack is a warning of worse to come | Financial Times

A ransomware attack made national headlines more than a year ago. On May 7, 2021, the Colonial Pipeline Company revealed that the DarkSide Ransomware-as-a-Service gang based in Eastern Europe had attacked it. DarkSide, which has since been shut down, has been identified as the threat actor by the FBI. What has changed in US cybersecurity policy since then, including in the context of Russia’s attack on Ukraine?

Want to know more about Cybersecurity? Visit our course now.

It is vital to emphasize that the attack had an impact on the IT side of the organization. As a precaution, the business shut down the pipeline’s operational technology (OT) side. The Colonial Pipeline connects Texas and New York and can transport up to 3 million barrels of fuel per day. The five-day shutdown knocked off about half of the East Coast’s typical supply of gasoline and aviation fuel. As a result, gas prices increased, creating gas shortages, panic buying, and long queues at gas stations.

It also startled the worlds of national security and law enforcement. Both were reminded that the nation’s key infrastructure was vulnerable to assault.

Colonial Pipeline paid a ransom of $4.5 million to repair its damaged systems. Because the DarkSide recovery capabilities were so slow, the organization largely relied on its business continuity tools instead.

Cybersecurity Policy: Following the Attack

Following the strike, negotiations between the US and Russia commenced. The Russian Federal Security Service apprehended a suspect in the incident. (Any collaboration in this area ceased following Russia’s invasion of Ukraine in February.) Meanwhile, the U.S. The State Department is still offering a reward of up to $10 million for the identification or location of any DarkSide commander.

Colonial Pipeline now faces a $1 million penalty for operational shortcomings and managerial failings that led up to the attack. The most serious alleged failing was improper planning for the pipeline’s shutdown and reactivation.

The incident also increased political pressure on the administration to pass new laws. Pipeline operators and other critical infrastructure corporations are subject to new cybersecurity rules.

Cybersecurity Policy: New Pipeline Directives in the United States

The Transportation Security Administration issued two important obligatory directives to all pipeline operators in the United States about cybersecurity and transparency.

On April 20, the federal Cybersecurity policy and Infrastructure Security Agency said that they are expanding its Joint Cyber Defense Collaborative advisory board, which was founded in August 2021, to include experts in industrial control systems. In reaction to the increased risk posed by the Russia-Ukraine conflict, they also produced a document containing specific Russia-sponsored threats to IT and OT systems.

Takeaways for Businesses

DarkSide hackers used an old password to gain access to Colonial’s IT networks over a VPN in the absence of multi-factor verification. The effectiveness of this modest attack indicates five factors that should be bear in mind today:

  1. All passwords must expire. Businesses require good password management in general, and password sunsetting in particular. Adding new, strong passwords isn’t enough.
  2. Passwords aren’t a good idea. Using passwords for security is depending on humans. As a result, you are vulnerable to human mistakes, insider attacks, and social engineering. The sooner we can get away from passwords, the better.
  3. Multi-factor authentication is a must. Any single-factor authentication technique is a virtual open door for cyber attackers.
  4. Know your air gaps. Where are the (if any) air gaps between IT and OT systems? Understand how your network is segmented.
  5. Zero trust work. Perimeter security is no longer necessary. Getting within the perimeter, whether via a virtual private network or another method, exposes the system to significant risk. This assault would have been prevented with strong zero trust. Even if an attacker managed to circumvent user authentication methods, they would be unable to further access the device and software.

The bottom line from the Colonial Pipeline attack is that the part of the business that was attacked and the part of the business that was affected is not always connected. The attack’s skill and effect aren’t either.

Yes, embrace high-tech tools, AI, and other cutting-edge solutions. But don’t forget about the fundamentals and the architecture. Prepare a backup plan for the measures you’ll do if an attack occurs. That way, whatever the future holds, you’ll have more options than a complete shutdown.

Read more about the Cybersecurity Policy. Just visit us here.

Verified by MonsterInsights