How the Colonial Pipeline attack has changed cybersecurity

It’s been just over a year since the American public got a taste of what a cyberattack could do to their way of life. A ransomware sortie on Colonial Pipeline forced its owners to shut down operations and left half the country’s East Coast in the lurch for refined oil. Since that time, efforts have aimed to make the nation’s critical infrastructure more resilient and to counter the scourge of ransomware. The question is whether enough is being done fast enough.

“The attack on Colonial Pipeline was an eye-opener—not so much because of the risks about ransomware, but because of the threat landscape moving dangerously close to the critical infrastructure that underpins societies,” says Gartner Vice President, Analyst Katell Thielemann. “On that front, it was a wake-up call that spurred all kinds of activities, from cybersecurity sprints in the electric utility sector led by the Department of Energy to security directives from the TSA to pipeline, rail, and airport operators, to a new law establishing upcoming mandates for incident reporting.”

“The attack on the Colonial Pipeline was not so much a pivotal moment for ransomware attacks as it was a pivotal moment for the risks to critical infrastructure,” Thielemann adds.

Because of the Colonial Pipeline attack, many CISOs became aware of significant blind spots in their security operations centers (SOCs) because they weren’t monitoring their operational technology (OT) networks. “It also raised visibility for other mitigations, such as network segmentation, which MITRE ATT&CK categorizes as essential to preventing access to safety-critical systems such as industrial control systems,” says Phil Neray, vice president of cyber defense strategy at CardinalOps, a threat coverage optimization company.

It was also pivotal because, unlike other headline-grabbing cybersecurity events, it affected the average person in the street. “While it wasn’t the first attack on critical infrastructure, Colonial Pipeline was the moment that resulted in a state of emergency, fuel shortages and panic buying behaviors,” says Jasmine Henry, field security director for JupiterOne, a provider of cyber asset management and governance solutions.

Governments act against ransomware

The Colonial Pipeline event also spurred greater government activity aimed at protecting critical infrastructure around the globe. “The silver lining of the Colonial Pipeline attack has been the increased involvement of law enforcement and the U.S. government in taking the fight to the attackers, helping to retrieve or freeze illicitly acquired cryptocurrencies, and collaborating internationally to arrest the ransomware actors,” says Jason Rebholz, CISO of Corvus Insurance, a risk management software solutions provider.

Copyright © 2022 IDG Communications, Inc.
