Why Securing our Critical Infrastructure Matters
Operational Technology (OT) remains a key but vulnerable technology for organizations that operate critical infrastructure. The U.S. Government has defined critical infrastructure as those “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”
OT systems are crucial components in producing and delivering many of the resources we rely on daily, such as clean water, fuel and electricity. Other Industrial Control Systems (ICS) provide necessary services such as traffic light systems, automotive plants and waste management facilities. Despite the societal importance of these systems and the reliability expected of them, OT infrastructure remains insecure and vulnerable to cyberattacks that can cause physical harm to the public or interrupt the delivery of critical services.
Organizations operating critical infrastructure can mitigate the impact of security incidents and increase the resiliency of their OT infrastructure by following some key components of basic cybersecurity hygiene.
The Colonial Pipeline Ransomware Attack
Colonial Pipeline is a fuel pipeline company located just north of Atlanta, Georgia, responsible for providing approximately 45 percent of the gasoline supply to the east coast of the United States.
On May 9, 2021, Colonial Pipeline released a statement acknowledging that it was the victim of data theft and a ransomware attack affecting its IT environment. Multiple news outlets reported that on May 7, the hacker group calling itself “Darkside” infiltrated the Colonial Pipeline network and stole over 100 gigabytes of proprietary data.
Upon confirming that the May 7 incident was a ransomware attack, Colonial Pipeline immediately shut down a portion of its systems and remained offline until May 12, both to contain the attack and to protect the safety and security of its pipelines and of the general public. Colonial Pipeline engaged law enforcement, including the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI released a statement on May 11 indicating that, at that point in time, there was no evidence of any lateral movement into Colonial Pipeline’s OT network.
The impact of this incident, together with other recent high-impact attacks, prompted the Biden administration to issue an executive order on May 12 to improve the nation’s cybersecurity.
In addition to the operational cost associated with a pipeline shutdown, according to Bloomberg, Colonial also paid the hackers nearly $5 million in ransom within hours of the attack in order to restore its disabled computer network.
The question ICS / OT asset owners need to be asking today is what actions can be taken immediately, in the short term, to mitigate cybersecurity risks to their critical infrastructure while long-term protective controls are implemented (or assessed for effectiveness). Here are some key short- and long-term steps that critical infrastructure control system operators can take to mitigate the impact of a cyberattack:
Short-Term Steps Organizations Can Take
1. Broadly assess the potential cybersecurity risks which jeopardize operational resiliency and affect ongoing business operations.
2. Implement robust network segmentation to minimize the impact of a cybersecurity attack on an organization’s critical infrastructure.
3. Ensure a backup and recovery program is implemented, evaluated, and isolated from the production network.
4. Secure remote access gateways and publicly available services. Validate that critical infrastructure assets are not exposed to the public internet. Ensure that all remote and external access requires multi-factor authentication.
5. Update Incident Response Plans, Business Continuity Plans, and Disaster Recovery Plans for all environments and ensure playbooks address potential impacts to critical infrastructure.
6. Validate full coverage of security monitoring via Endpoint Detection / Response (EDR) products on endpoints and passive monitoring on the network with Network Detection / Response (NDR).
Strategic, Long-Term Steps Organizations Can Take
7. Identify critical project files and back them up to offline storage.
8. Test and simulate your incident response plan via tabletop exercises and determine your organization’s response to ransomware operators.
9. Implement manual override controls and alarms which permit operators to detect and override any unsafe commands sent to sensors or actuators.
10. Invest in asset management to identify and validate the existing IT and OT technology devices throughout the organization.
11. Develop threat hunting capabilities to proactively search for potential security incidents within the OT environment.
It is an unfortunate reality that ransomware attacks and cybersecurity incidents impacting critical infrastructure appear to be on the rise. It is therefore imperative that organizations start reviewing and testing their response capabilities and procedures before an incident occurs. We will continue to monitor the defenses listed above and to provide guidance that bolsters the strategic approach organizations can take to improve their cybersecurity posture and their ransomware detection and prevention capabilities.
Claire Gotham, Derek Dunkel-JahanTigh, Wesley Lee and Dhara Parikh also contributed to this post. To learn more about our ransomware advisory and recovery capabilities, contact us.