On May 7, 2021, Colonial Pipeline Co. was the victim of a ransomware attack with far-reaching effects. The DarkSide ransomware group deployed a phishing attack, gaining entry into the networks of the company through a virtual private network account (VPN).
When the ransomware began infecting files, for six days the company shut down a major pipeline that supplies a sizable portion of the US East Coast’s fuel. Subsequently, President Biden issued an Executive Order on Cybersecurity. Although the Colonial Pipeline attack occurred over a year ago, its lessons still resonate today.
The Colonial Pipeline Hack Highlights the Risks of IT/OT Connectivity
Although the DarkSide group stated the motivation was money and not societal impact, the event demonstrated the significant, potential real-world impacts of such a cyberattack. In the case of Colonial Pipeline, the attack instigated fears of a potential fuel shortage, as well as terrorist attacks looking to exploit the incident.
The effects of the Colonial Pipeline incident were made possible by the interconnectivity of the company’s IT and OT environments. The actual ransomware infection occurred on the company’s IT systems, and the company shut down the pipeline’s OT systems to prevent further attacks on the pipeline, including infection and encryption by the ransomware.
The dissolution of the traditional “air gap” between IT and OT systems can provide significant benefits in terms of improved monitoring capabilities and operational efficiencies. However, these benefits also come at the cost of increased cybersecurity risk.
According to Michael Welch, Managing Director of Strategy and Risk at MorganFranklin Consulting, “Traditional Information Technology (IT) security focuses on Confidentiality, Integrity and Availability, but, because OT could have dire consequences, we need to also focus on safety. While there will continue to be some level of convergence between IT and OT, that connectivity will increase the potential of cyberattacks that could have profound consequences.”
How MorganFranklin Can Help
The Colonial Pipeline hack demonstrates the importance of considering and managing the risks associated with interconnectivity between IT and OT environments. If a malware infection on the company’s IT systems could not spread to its OT environment, then the primary effect of the attack – the shutdown of the pipeline – would not have occurred.
Risk identification and management are essential for all organizations, especially for those with OT systems. MorganFranklin experts can help organizations develop strategies for identifying and achieving ongoing visibility into their assets and for managing the risks that they pose via technical and procedural security controls.
