
The Colonial Pipeline Attack: How Can We Protect our Systems Today?

Mark Damm, Founder and CEO, FuseForward

With over 30 years’ experience implementing and operating complex systems for critical infrastructure, FuseForward Founder and CEO Mark Damm is extremely well-versed in the identification of...

May 13, 2021 4:00 pm GMT


Fuel shortages, panic buying and rising gas prices. The Colonial Pipeline attack is having a huge impact on our day-to-day lives, and it is on track to be one of the most economically damaging attacks of its kind.

Right now, we don’t know the details of exactly how this attack was carried out, and we probably never will. We do know it was the result of ransomware, so we can make some reasonable assumptions about what happened. Most likely an employee clicked a link in a cleverly disguised email, unwittingly handing the attackers credentials and, with them, access to the company's systems.


I am sure that the Colonial Pipeline situation will be studied in detail, and we may even see some recommendations or policy changes in the future. But for now we ALL remain the target of criminal ransomware gangs, so it pays to be aware.

If a highly secure critical infrastructure provider can fall prey to ransomware, so can you. If you’re concerned about your security, consider the following three questions:

  • Are your employees accessing email and other common infection vectors, such as USB ports, on the same machines they use to reach critical systems? Secure virtual desktops can lock down the workstations of employees who handle critical work.
  • Are your networks segmented appropriately? IT (information technology) systems should be separated from OT (operational technology) systems so that a compromise on the IT side cannot damage physical equipment and control systems.
  • Are the third-party applications and software you are using safe? Small and mid-sized software providers often lack the features required for secure operations, such as multi-factor authentication and private networking.

These are the first areas my mind went to when this attack came to light. I am sure there are many others. Do you have tips that could help prevent someone from becoming a victim of ransomware?

Please share your thoughts below.

Discussions
Matt Chester on May 13, 2021

Props to you for bringing the topic to 'what can we do,' Mark-- while it was a gas pipeline this time, it can be a grid operator next time, or the IoT behind some smart meter tech, or any number of other areas. Vulnerabilities anywhere in the system are vulnerabilities for the whole system!

Steve Lindsay on May 13, 2021

Mark, good post and thank you. We need to keep attacks like this (and how to stop them) in the spotlight. There is no one solution - just "Defense in Depth", but I think you really nailed it when you mentioned "credentials and access". We don't know yet what happened with Colonial Pipeline, but the Oldsmar water attack was a result of stolen passwords. Getting rid of passwords and always using secure multifactor authentication in a Zero Trust Environment - in addition to the methods you mentioned - is another big step. Glad to see Biden's Executive Order highlighted that.

Thanks!

Steve Lindsay

Mark Damm on May 14, 2021

Great to see policy catching up with the seriousness of this threat. It seems the attackers in this case are trying to distance themselves from the societal impacts they caused. If they can cause serious fuel shortages without intending to cause harm, imagine the damage that can be inflicted by someone that wants to. 

I haven't yet had a chance to review the Executive Order in detail, looking forward to taking a look. 

Michael Keller on May 17, 2021

Fairly common to alter plant computer and programmable logic controllers remotely. Perhaps that convenience has too stiff a price in today’s world. Perhaps changes should be made directly at the facilities with software updates rigorously protected. Will increase costs, but all things considered, might ultimately be more cost effective than paying ransoms.
