What to Learn from the Colonial Pipeline Cyber Attack (Auvesy Blog)

Recently, the Colonial Pipeline Company was the victim of a ransomware attack by a cybercriminal organization called DarkSide. To mitigate additional security concerns, they took many IT and OT systems offline to contain the threat, halting major pipeline operations for nearly a week.

In the wake of this attack, many organizations are questioning the strength of their own cybersecurity efforts. What should we learn from the Colonial Pipeline cyber attack?

Key Learnings from the Colonial Pipeline Cyber Attack

Cyber attacks can happen to anyone.

The Colonial Pipeline Company was not uniquely situated to be targeted. In fact, the ransomware attackers themselves have expressed some remorse over targeting Colonial Pipeline at all, saying that their goal is making money, not “creating problems for society.”

No organization is completely protected against a cyber attack, even if their firewalls are strong and their networks are appropriately segmented. Instead, focus on implementing tools for active monitoring and change detection for all of your IT and OT assets so that a potential threat is identified as soon as possible.

Cyber attacks are not going away.

Critical infrastructure operators should view the attack at Colonial Pipeline Company as a wake-up call, rather than an anomaly. The Cybersecurity and Infrastructure Agency (CISA) warned of the potential for new foreign attacks earlier this year. Malware attacks like Stuxnet, WannaCry, and NotPetya have already been successful. Attacks on industrial control systems (ICS) like the recent cyber attack on a Florida water treatment plant are also on the rise.

An important step in improving overall cybersecurity is identifying all IT and OT assets.

You can’t secure what you can’t see. Critical infrastructure organizations should make it a priority to identify all assets, identifying weaknesses like outdated operating systems. The Asset Inventory Service can help critical infrastructure organizations, and any organizations with both IT and OT assets, quickly and clearly identify all of their devices.

Data management tools for IT/OT are more essential than ever.

After identifying assets, it is important to begin protecting them from malicious or negligent changes. Unauthorized changes to IT and OT assets can be quickly identified through active monitoring or with a change management tool like versiondog. versiondog automatically backs up the data running on IT and OT devices and compares it against the corresponding data on the server. If versiondog detects a difference, it alerts the appropriate personnel to investigate a potential cyber security concern.

Have a comprehensive recovery plan before you need one.

The Colonial Pipeline attack took down most of their pipeline operations for six days, and disrupted consumer supply for even longer. How could they have safely recovered quicker? Some planning and proactive data management can make this process significantly faster.

versiondog helps organizations recover faster from unplanned downtime caused by cyber attack, natural disaster, equipment failure, or human error. As a version control and automatic backup software for both IT and OT devices, versiondog ensures that you always have a recent, error-free version to restore.