
Digital Utility Group
The mission of this group is to bring together utility professionals in the power industry who are in the thick of the digital utility transformation.
Post
The Colonial Pipeline Attack: How Can We Protect our Systems Today?

The Colonial Pipeline Attack: How Can We Protect our Systems Today?
Fuel shortages, panic buying and rising gas prices. The Colonial Pipeline attack is having a huge impact on our day-to-day lives–and it is on track to be one of the most economically damaging.
Right now, we don’t know the details of exactly how this attack was carried out, and we probably never will. We do know it was the result of ransomware, so we can probably make some reasonable assumptions about what happened. Most likely an employee clicked a link in a cleverly disguised email, unwittingly providing hackers with credentials and access to their systems.
I am sure that the Colonial Pipeline situation will be studied in detail, and we may even see some recommendations or policy changes in the future. But for now we ALL remain the target of criminal ransomware gangs, so it pays to be aware.
If a highly-secure critical infrastructure provider can fall prey to ransomware – so can you. If you’re concerned about your security, consider the following three questions:
- Are your employees accessing email and other phishing targets, such as USB ports, in the same place they access critical systems? Secure virtual desktops can lock critical employee work stations down.
- Are your networks segmented appropriately? IT (information technology) systems should be separate from OT (operational technology) to prevent damage to physical equipment and systems.
- Are the third-party applications and software you are using safe? Small / mid-sized software operators often lack the features required for secure operations, such as multi-factor authentication and private network.
These are the first areas my mind went when this attack came to light. I am sure there are many others. Do you have tips that could help prevent someone from becoming a victim of ransomware?
Please share your thoughts below.
Get Published - Build a Following
The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.
If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.
Sign in to Participate