Data volume is exploding, regardless of the industry, and with increased data comes increased cybersecurity risk. The attack on the Colonial Pipeline last week has highlighted the particular risk that the energy industry faces when it comes to security threats.
Let’s talk about what happened with the Colonial Pipeline, the concern about the power grid, what ransomware is, and why the energy industry may be particularly vulnerable to ransomware attacks, plus a couple of steps you can take to prevent attacks like this.
Last week, the ransomware firm DarkSide attacked the Colonial Pipeline. The Colonial Pipeline is the largest refined products pipeline in the United States, spanning 8,850 kilometers. The cyberattack is now the largest ever on United States energy infrastructure in history. Unfortunately, the event is not an anomaly, it simply highlights a growing concern regarding the risk posed to the United States’ energy infrastructure by cyberattacks.
Last week’s attack focused on a fuels pipeline, and in the end, it was not particularly disruptive. At least in comparison to what the result of a similar attack on the country’s grid infrastructure could do. As we learned from the ERCOT fiasco in February, blackouts are incredibly disruptive to the economy and the functioning of society. Concerningly, if a Ransomware company similar to DarkSide were to attack the United States power grid, the result could be a whole lot worse than the controlled outages which ERCOT experienced this year. Due to the fragility of our power grid infrastructure, if one were to hack the Western Interconnect it could potentially knock power out for the entire Western US - from Eastern Colorado to California. In an uncontrolled event like that, cascading outages would be likely and it could take weeks to restore power after an event like that. Clearly, the risk to the power sector is a legitimate concern that must be addressed.
Ransomware is a type of cyber attack where the perpetrators hijack computer systems and encrypt data, holding it hostage until it’s victims pay for release. Ransomware attackers will also make copies of data, threatening to publish it unless additional payment is received. Ransomware has increased rapidly, it is the number one cybercriminal activity today. The latest trend is ransomware as a service, where companies basically offer ransomware services to other parties for a fee. While the FBI recommends that victims not pay up, one of the problems with ransomware attacks is that it is often cheaper for the victim to pay their attackers than to rectify the situation and recover their data independently. This makes ransomware attacks lucrative for the attackers, thus increasing their frequency.
Although DarkSide released a statement claiming that they did not want to disrupt society, but only to make money, the situation is likely more complex and less simplistic than that. Because the Colonial Pipeline is a part of the country’s energy infrastructure, it is considered critical. Industries critical to the functioning of society (like the energy industry) are more likely to pay ransomware in order to resolve the situation as quickly as possible, this makes them perfect targets.
There are a few other reasons why even prior to this attack there has been growing concern over the risk that cybersecurity threats pose to the energy industry. Of primary concern, is that for attackers who are setting out to inflict damage to society the energy industry represents a perfect target. While we tend to take electricity for granted, the winter storms in Texas proved that electricity can be a life or death matter.
Unfortunately, utilities are often vulnerable because they are not air-gapped, meaning that attackers are able to move between IT and OT. In addition, most utilities still use legacy assets with more modern digital technologies layered on top, making them even more vulnerable. Covid-19 has also worsened the situation. Most ransomware attackers get into systems through phishing emails. With more and more employees working from home, hackers have gained more entry points into critical systems. Additionally, the data and information most valuable to renewable and asset developers can also be utilized by attackers to inform their ransomware and cyber-attack strategy. So what’s to be done?
Ransomware and cybersecurity are a concern regardless of what industry you’re in, however, the Colonial Pipeline attack has highlighted the particular risks facing the energy industry. If avoiding a ransomware attack is top of mind, here are a couple of things you can do to mitigate your risk.
Train your staff, regularly. As mentioned above, most ransomware attackers get in through phishing emails and individual employees. If you and your business aren’t educating your staff on best practices and cybersecurity, start now.
Be smart in your preparation. Utilizing multi-factor authentication, testing incident response plans, and performing off-site data backups can all save you a lot of heartache, time, and money down the line. Backing up your data is particularly important so that you’re not quite as constrained by ransomware attackers.
The FBI and Cybersecurity and Infrastructure Security Agency released an alert Tuesday with a more detailed summary of the result and best risk mitigation practices. We highly recommend reading the report and implementing as many of the suggestions in your organization as possible.