US Pipeline Hit with Ransomware – Appalachia’s Cybersecurity Response

Over the weekend, the Colonial Pipeline, one of the largest US pipelines and a major supplier for the East Coast, was hit by a cyber attack. A ransomware attack caused the company to shutdown operations as they work through the necessary steps to respond and recover, however the impact is expected to be significant if fuel terminals experience outages as a result in disruption to their supply.  The Colonial Pipeline supplies diesel, gasoline, and jet fuel.  The US government has issued an emergency waiver to allow an exemption for drivers related to hours of service, as well as exemptions related to fuel transportation via tanker ships.  To compound the supply issues further, the US is experiencing a shortage of fuel truck drivers, areas of the US are opening up further from COVID restrictions which is expected to increase travel, and we are approaching the summer travel season which notoriously increases fuel demands.

Jason McNew, Senior Engineer, Cybersecurity Risk & Compliance:

From a national security perspective Colonial Pipeline is what we would refer to as CIKR, or Critical Infrastructure and Key Resources.  As news of this very recent attack only began spreading over the weekend, there are not yet a lot of details about what has happened.  What we do know, is that there was a ransomware attack which has taken down (hopefully temporarily) a 5,500 mile line that carries 45 percent of the East Coast’s fuel supplies.  Bleeping Computer believes that the DarkSide ransomware operation is responsible, but that has yet to be confirmed in an official way.  DarkSide is known for not only extracting massive payouts from victims, but also for exfiltrating sensitive documents as an additional measure to ensure payment.

There are a few key takeaways to consider here:

• The U.S. still has very serious cybersecurity and other vulnerabilities in our CIKR, particularly in energy, communications, and other utilities.  Many of these vulnerabilities exist in ways most people would never think of – imagine, for example, if an adversary succeeded in shutting down the drinking water in Los Angeles or the sewer systems in New York City.  These would be asymmetric attacks that would have very serious consequences.
• No organization is too big or too small, too sophisticated or too simple to be a target of ransomware.
• Ransomware is profitable for attackers, and until that fact becomes untrue, ransomware will continue to be a major threat to every computer network in the U.S.

Our principal strategic competitors possess highly evolved capabilities in the realm of asymmetric and cyber-warfare, so in the event of a major theatre war involving a serious adversary and the U.S., expect the unexpected – attacks on energy, utilities, communications, transportation, finance – nothing would be off the table.  This would include significant portions of the private sector which offer and maintain these services on behalf of American citizens.  The current state of cybersecurity maturity in the U.S. is akin to the state of commercial safety 100 years ago – think poor lighting, no fire escapes, no machine guards, etc.  As a nation, we are just nowhere near as cyber-secured as we need to be to withstand and recover from a serious cyber warfare attack.

Like a house sitting on the coast of Florida, computer networks fall into two categories – those that have been hit, and those that will be hit.  While a mature cybersecurity program puts most of its resources into Identification, Protection, and Detection, it is critical to also have a robust Response and Recovery capability for when the storm inevitably hits.

Brandon Keath, Cybersecurity Officer, vCISO Services, offers his thoughts as well.  “Attacks on Critical Infrastructure continue to be of major concern for businesses and citizens as a growing list of services suffer cyber attacks.  While the pipeline attack is over for now, there is still mounting concern over water and electrical system security as organizations continue to grapple with the impacts of these cyber attacks. It is being suggested that the NIST cyber security framework, better known as the CSF, should be mandated as the standard for organizations going forward.”

At Appalachia we offer extensive NIST CSF assessments that can help an organization identify their current security weaknesses as well as establish a roadmap for investing in the right technologies to protect your critical systems.

To learn more about Appalachia's NIST Security Assessments, visit:  https://appalachiatech.com/it-services/cybersecurity/vulnerability-assessments 

For more information on the Colonial Pipeline cyber attack: https://local21news.com/amp/news/nation-world/pipeline-hit-by-cyberattack-could-be-online-by-weeks-end