Unfortunately, the Colonial Pipeline attack is part of a growing escalation of cyber attacks on critical infrastructure around the world. It is an escalation that has grown out of control, with criminal organizations creating affiliate networks, such as the group that conducted the attack on the pipeline.
These types of attacks have been going on for quite some time, but most never hit the headlines due to the impact on national security. This is a significant escalation both in target and response, as Colonial opted to shut the pipeline down until they feel they have a good handle on the situation.
It’s a little-known fact that the equipment in most of this particular industry is made to live for 30 or more years. Additionally, it wasn’t built with defenses for hostile environments, like the attacks we are seeing from the Internet. Furthermore, updates are nearly impossible for computational reasons, and the approval required to make any changes to these platforms is hard to attain where an outage directly impacts human life.
Even though this attack was successful against back-office and border systems, such as firewalls, VPN servers, and remote desktop servers, it is just the beginning of what could escalate into a war.
So where does it go from here?
Well, it can be quite difficult to bring immediate change to these impacted industries. It’s best to begin with improvements to visibility and resiliency. Where it isn’t possible to harden the actual devices that comprise these environments, perhaps they can begin by securing the environment that the devices live in. This could be done by creating stronger border protections, segmenting the network infrastructure to isolate the critical infrastructure, and creating greater visibility into attacks. The ultimate goal is to create a stronger security posture and reduce the dwell time and impact of a successful attack.
Regardless, the attackers made a significant mistake and have already said as much in a public online statement. Most ransomware groups are tactical and strategic about which organizations they attack. As we’ve witnessed in their response, this wasn’t planned and is rumored to be considered an “Act of War”.
Quite frankly, there will be few rocks the attackers can hide under.
What does this mean to you?
Expect higher fuel prices and shortages in the short term. As the attacks continue to escalate, expect direct impact on water supplies, electrical grids, and healthcare.