According to OCCRP, a recent study conducted by Norwegian risk management firm DNV found that more than half of energy professionals surveyed “believe cyberattacks on the industry in the near future will result in a loss of life and many companies are not doing enough to protect themselves.” While focused on the energy sector, this outlook reflects a greater sentiment. Critical infrastructure is under threat, and the pressure is on to do something to protect it. So, what has gotten us to this point? We’re looking back at the events over the last year leading us to this state and what they continue to teach us about the importance of cybersecurity.
Russia and Cybercrime
The most recent demonstration of the types of threats that exist in today’s landscape and the vulnerabilities that lurk in critical infrastructure comes from the current war between Russia and Ukraine. Microsoft summarized that, since Russia’s invasion of Ukraine, Russian-backed groups have launched at least 240 cyber-attacks. But such activity doesn’t end there. Instead, it has a number of other opposing countries on alert. It has been reported that Russian hackers are responsible for multiple events that have occurred in Europe, including a breach that impacted thousands of German wind turbines.
The Case of Colonial Pipeline
But even before its assault on Ukraine, Russia was already establishing a propensity toward utilizing cyber strategies to infiltrate critical infrastructure systems. One of the most prominent examples to which it had an alleged connection was the Colonial Pipeline case. Not only was Colonial Pipeline closer to home, but it also served as a significant warning that garnered widespread attention. As written by the staff at Dice, “While technologists have always understood the damage that ransomware could do to an organization’s infrastructure and data, the May 2021 attack that targeted Colonial Pipeline IT infrastructure changed the game for good.” The attack, which has been attributed to the cybercriminal group known as DarkSide, had several effects. It caused a six-day disruption in operations, momentary gas shortages for part of the United States and a $4.4 million ransom demand. Plus, in a way, it foreshadowed other breaches to come, like the ransomware incident carried out on meat producer JBS.
Lessons Learned
One of the main takeaways from the Colonial Pipeline attack, however, is that we needed to act on protecting OT and industrial control systems as well as IT. And that has since been reinforced by the instances unfolding in conjunction with the conflict in Ukraine. Lawmakers have started to respond to this call by putting forth legislation such as reporting requirements. But more will certainly be needed by both the public and private sectors, especially considering the growing threat against mid-size organizations. Chris Harris explained in a piece for Infosecurity Magazine that, “…front-line industries such as the manufacturing and agriculture sectors are most likely to be at risk, particularly given that those industries have traditionally not kept up with security compliance.”
Going forward, these operators are going to have to be keenly aware of what may be affecting their security such as flaws related to third-party suppliers. As covered at VentureBeat, a report by CyberArk gathering insight from 1,750 global IT security decision makers concluded that of the precautions organizations have introduced in response to mounting cybersecurity issues, some of the top have been “…real-time monitoring and analysis to audit all privileged session activity; least-privilege security / zero-trust principles on infrastructure that runs business-critical applications; and processes to isolate business-critical applications from internet-connected devices to restrict lateral movement.”
Despite those measures, 79% agreed that their organizations were still prioritizing business over cybersecurity. But if we have learned anything from all of this, it’s that infrastructure cybersecurity is a crucial part of business and adopting that perspective will really help to drive how we approach this topic in the future.
Sources:
- “Energy Sector Expects Deadly Cyberattacks in Next Two Years” – Will Neal, OCCRP
  https://www.occrp.org/en/daily/16353-energy-sector-expects-deadly-cyberattacks-in-next-two-years
- “Colonial Pipeline Ransomware Attack: Lessons for Technologists” – Dice
  https://insights.dice.com/2022/05/23/colonial-pipeline-ransomware-attack-lessons-for-technologists/
- “The New Era of Cyber-Attacks – Who is Most at Risk This Year?” – Chris Harris, Infosecurity Magazine
  https://www.infosecurity-magazine.com/opinions/new-era-cyberattacks-most-at-risk/
- “Report: Credential access is top risk for ransomware attacks” – VentureBeat
  https://venturebeat.com/2022/05/18/report-credential-access-is-top-risk-for-ransomware-attacks/