Colonial Pipeline, which operates a 5,500 kilometer pipeline running from Texas to New York in the U.S., was forced to shut down after being hit by a ransomware attack by DarkSide, a hacker gang based in Russia.
Caption: Colonial pipeline compromised by hackers / Image Credit: colpipe.com

A ransomware attack is one in which hackers demand money in exchange for ‘deleting’ information, whose release could cause serious damage to a company’s reputation or compromise its operations. Colonial reportedly paid $5 million to the hackers to secure its data.
How could this have happened?
A slew of devices (pressure sensors, thermostats, valves, and pumps) monitor and control fuel flow through the pipeline in real time. Smart pipeline inspection gauge (smart pig) robots are deployed to physically run through the pipeline and identify trouble spots. As these devices do their jobs, they generate and transmit large volumes of data to the central system, which interfaces with the public internet either directly or indirectly; the latter happens through its connection to the rest of the company’s IT infrastructure.
So, if a hacker can get into a company’s IT systems, they can find their way to its operational systems and launch a ransomware attack. Some experts believe this is possibly what happened in Colonial’s case, since operational systems are generally very well protected but administrative systems are not. Others believe increased mobile access for the field workforce, or third-party software, to be the culprit.
Whatever the case may be, the reality is that as companies embrace IoT, the threat of ransomware attacks will grow. Remember: wherever there is connectivity, there is vulnerability. Therefore, we at HCL recommend you take a prioritized approach to ensure safe and secure IT-OT convergence. Multiple layers of defense are required to fully address power plant security vulnerabilities.
Here are some of the measures power plants’ decision-makers can implement to increase the security monitoring of their facilities and operating systems.
The first priority should be to ensure all assets are accounted for, categorized, and standardized. Follow this up with a secure network design based on segmentation, where the segments are derived from the asset categories and from remote-access principles. Technology requirements (firewalls, IDS/IPS, VPN gateways) are provisioned accordingly. Next comes ICS system security, which includes hardening, encryption, and vulnerability patching for all OT communication. Priority four is to define the access management process and technology solutions for both internal and external users; while implementing access management solutions, it is important to require multi-factor authentication. Finally, you need to put in place security monitoring and triage management for the IT-OT environment, including SIEM solutions that log, monitor, track, and generate alerts on OT incidents.
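As an added illustration of how priorities one, two, four, and five fit together (example code written for this article, not HCL’s or Colonial’s tooling), the following Python check applies a zone-based segmentation policy and a remote-access MFA rule to constructed flow-log lines. The asset inventory, zone names, permitted ports, and log format are all assumptions made for the example.

```python
import re

# Constructed asset inventory (priority one): address -> (name, zone). Assumed values.
ASSETS = {
    "10.1.0.5":  ("corp-workstation", "IT"),
    "10.2.0.2":  ("jump-host",        "DMZ"),
    "10.3.0.10": ("historian",        "OT-L3"),
    "10.4.0.20": ("plc-valve-7",      "OT-L1"),
}

# Segmentation policy (priority two): (src zone, dst zone) -> permitted TCP ports.
# Traffic inside one zone is permitted; any cross-zone flow not listed is a violation.
ALLOWED = {
    ("IT", "DMZ"):      {443},   # users reach the jump host over HTTPS only
    ("DMZ", "OT-L3"):   {22},    # jump host manages the historian over SSH
    ("OT-L3", "OT-L1"): {502},   # historian polls controllers over Modbus/TCP
}

# Assumed flow-log format: "... src=A dst=B dport=N mfa=yes|no"
FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) mfa=(yes|no)")

def parse_flow(line):
    """Parse one constructed flow-log line into its fields."""
    m = FLOW_RE.search(line)
    if not m:
        raise ValueError(f"unparseable flow record: {line!r}")
    return {"src": m[1], "dst": m[2], "dport": int(m[3]), "mfa": m[4] == "yes"}

def evaluate(flow):
    """Return the alert tags the SIEM rules (priority five) raise for one flow."""
    src, dst = ASSETS.get(flow["src"]), ASSETS.get(flow["dst"])
    if src is None or dst is None:
        return ["unknown-asset"]          # inventory gap: policy cannot be applied
    alerts, szone, dzone = [], src[1], dst[1]
    if szone != dzone and flow["dport"] not in ALLOWED.get((szone, dzone), set()):
        alerts.append(f"segmentation-violation:{szone}->{dzone}")
    if dzone == "DMZ" and not flow["mfa"]:   # priority four: remote access needs MFA
        alerts.append("remote-access-without-mfa")
    return alerts

def triage(lines):
    """Run every log line through the rules; return (src, dst, alerts) for each hit."""
    hits = []
    for f in map(parse_flow, lines):
        if alerts := evaluate(f):
            hits.append((f["src"], f["dst"], alerts))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "t=1 src=10.1.0.5 dst=10.2.0.2 dport=443 mfa=yes",   # expected path, clean
    "t=2 src=10.1.0.5 dst=10.4.0.20 dport=502 mfa=no",   # IT host straight to a PLC
    "t=3 src=10.1.0.5 dst=10.2.0.2 dport=443 mfa=no",    # jump host reached without MFA
    "t=4 src=10.9.9.9 dst=10.3.0.10 dport=22 mfa=yes",   # source missing from inventory
]
```

Running `triage(SAMPLE_LOG)` flags the second, third, and fourth lines and leaves the first untouched, which is the behaviour a segmentation-plus-MFA rule set should show once the inventory and zone policy exist.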
Such a 360-degree approach, we believe, is a must going forward if Colonial-like incidents are to be prevented from recurring.