Geoff Yut, Consultant in Opportune LLP’s Process & Technology group, comments: “The recent cyberattack on Colonial Pipeline underscores just how vulnerable critical US infrastructure is to cybercriminals.”
“On 7 May 2021, Colonial Pipeline, a major US fuel pipeline operator, halted operations as a precautionary measure after a cyberattack involving ransomware was discovered. The attackers appear to have accessed business systems from which they stole nearly 100 gigabytes of data before they locked Colonial Pipeline’s computers and demanded ransom.
“Responsible for nearly half of the US East Coast’s fuel supply, Colonial Pipeline supplies fuels from Gulf Coast refining centres to cities, including Washington, DC, Baltimore, and Atlanta, transporting 2.5 million bpd of gasoline, diesel, and jet fuel through 5500 miles (8850 km) of pipelines.
“The attack represents a major disruption of the US energy sector and is the latest in a string of unsettling cyberattacks by foreign actors that have drawn attention to the need for private companies and government agencies to harden their digital assets.
“According to an FBI statement, the strain of malware involved appears to be the work of a Russian ransomware gang called ‘DarkSide’. DarkSide operates under a Ransomware-as-a-Service (RaaS) model and, once a system is compromised, cybercriminals using these services can demand anywhere between US$200 000 and US$2 million.
“DarkSide users display comprehensive capabilities across multiple software systems and platforms, collecting information from a variety of private organisations, including financial institutions, medical facilities, energy firms, and tech giants.
“These types of hackers aren’t worried about avoiding detection; rather these actors employ tactics that aim to leverage a company’s desire to keep the breach quiet to pressure them into paying up. A popular such tactic is called ‘double extortion’, a technique in which criminals demand that victims pay to decrypt the stolen data and prevent the hackers from leaking sensitive data. This technique allows hackers to increase both the number of ransoms they receive and the value of those demands.
“Industry observers regard the Colonial Pipeline cybersecurity incident as financially motivated as opposed to state-directed sabotage compared to what had been observed in the SolarWinds or Microsoft Exchange hacks earlier this year.
“The energy industry is still manoeuvring the widespread digital transformation of operational and support structure that gained momentum in recent years. There are exciting developments in operational and information technology for oil and gas applications – many oil and gas companies are prioritising investments in this area. Two examples of such developments include the Internet of Things (IoT), which facilitates data collection, and Supervisory Control & Data Acquisition (SCADA) systems, which use data to monitor and control facilities located throughout the energy supply chain.
“However, these technologies inherently increase an organisation's attack surface, requiring authentication and authorisation management between them. Experts predict that the number of connected devices worldwide will reach a whopping 46 billion by 2021 – all equipped with sensors that communicate back to networks, databases, and communications systems. These connected devices span a wide range, from smart toasters to centrifuges enriching uranium. Even a fish-tank thermometer can expose firms to trouble from hackers.
“As mentioned in a recent NSA advisory for stopping malicious activity against connected operational technology (OT), it doesn’t help that many of the OT assets and control systems installed and used throughout the energy sector are past end-of-life and operated without sufficient resources.” Put simply, these systems are dinosaurs. This means updates and vulnerability patches aren’t being developed, stifling IT teams tasked with defending these legacy systems and opening firms up to a considerable amount of risk.
“Additionally, the critical infrastructure that’s the foundation of the end-to-end energy supply chain makes it particularly vulnerable and more attractive to these state-sponsored groups.
“This is compounded by the fact that energy remains a major concern for the nation-states who are often enabling these bad actors. The energy sector drives so much policy across the world that it affects how countries conduct themselves and interact. Therefore, nation-states are willing to attempt these sophisticated, large-scale, and long-term campaigns to gain any advantage they can.
“Upon final analysis, firms can expect these attacks to become more disruptive and frequent, therefore increasing their exposure and risk. So, what steps can firms take to ensure the safety of their systems, especially within industries like energy that historically underinvest in cybersecurity? Will energy players heed the warning and double down on hardening their assets? How are the different systems widely used by firms, like energy trading and risk management (ETRM) and enterprise resource planning (ERP) systems, affected by cyber threats and what are some strategies in dealing with those effects? What role does in-depth analysis of existing systems play in developing these strategies?
“Opportune is well-versed in assisting clients with mitigating cybersecurity events, digital transformation, and business process modelling so organisations can effectively plan for and adapt to new cyber threats and the impact they have on their business.”
Geoff Yut is a Consultant in Opportune LLP’s Process & Technology group based in Houston. Geoff graduated from Texas A&M University with a B.S. in Management Information Systems and a minor in Cybersecurity.
Read the article online at: https://www.worldpipelines.com/business-news/12052021/opportune-llp-colonial-pipeline-incident-is-yet-another-cybersecurity-wake-up-call/