
Cyber Risk Management Advisory: Analysis and Recommendations Following the Colonial Pipeline Shutdown

June 3, 2021

The cyber attack on Colonial Pipeline has significantly impacted enterprise functions, critical infrastructure and industrial operations, forcing substantial parts of the pipeline to shut down for several days.

This cyber attack has far-reaching implications not only in the oil and gas market but across several industries, including power, energy, maritime, offshore and manufacturing. This strategic attack is an example of how cyber criminals can swiftly disable operations and effectively impact businesses, the public and the Nation’s economy.

Cyber threat actors are shifting from the Information Technology (IT) networks that run business systems to the Operational Technology (OT) networks that control industrial operations.

About the Attacker, DarkSide

All information is nonexclusive, as specific details about DarkSide, the attacker, are still under investigation.

  • The FBI has been investigating DarkSide since October 2020.
  • DarkSide has previously targeted a variety of industries, including manufacturing, energy and insurance.
  • In a previous statement, DarkSide said, "Our goal is to make money, and not create problems for society."
  • DarkSide develops ransomware as a service (RaaS) and sells its ability to create ransomware or conduct ransomware attacks to whoever is willing to pay.
  • DarkSide employs "Double Extortion" and will both exfiltrate data and threaten to release it or deploy software that will encrypt data, making it unusable.
  • DarkSide typically uses cryptocurrency to collect ransoms, with a preference toward Monero.

Mitigation for Your Organization

The cyber attack on Colonial Pipeline emphasizes the need for visibility and control. Knowing how to manage your organization’s unique cyber risk requires expertise in industrial cybersecurity and in-depth knowledge of how your operational networks and systems work. CISA and the FBI recommend several mitigation strategies, including:

  • Boundary Protections - Manage what goes in and out of IT and OT networks. 
  • Access Control - Limit/control the movement within IT and OT networks.
  • Segmentation - Manage the people and devices that can access networks. 
  • Monitoring - Detect and confirm potential intrusions. 
  • Policy Management - Customize policies based on network needs.  
  • Asset Management - Inventory and manage critical cyber assets.
  • Backup Management - Confirm up-to-date copies of network data.
  • Configuration Management - Detect changes made to industrial control devices, including Programmable Logic Controllers (PLCs), and log information through Management of Change (MOC) documentation.


It is crucial to have a strong cyber program that defends industrial operations against cyber attacks and monitors assets at all times. ABS Group provides one of the market's only 24/7/365 Remote Monitoring and Managed Services specifically designed to protect OT networks. We are OEM agnostic, OT-specialized and price competitive, with one solution that covers the entire digital ecosystem.

Cybersecurity Resources

Podcast: The Casualties of Cyber War: Exploring the Colonial Pipeline Shutdown

If a cyber attack can take down an entire pipeline, what's next? As news from the recent attack on Colonial Pipeline continues to develop, private and public companies, the U.S. government and the nation continue to question the dangerous implications behind our critical infrastructure lacking the proper cybersecurity. 

Listen to the Full Risk Matters X.0 Podcast Episode.


Podcast: Cyber in the Supply Chain – When Things Go Wrong

Cyber incidents go from 0 to 100 in the blink of an eye. With nearly half of the East Coast's fuel supply disrupted, the conversation of protecting critical infrastructure is at the forefront of The White House Administration. Join our discussion as we talk about preceding real-life OT cyber incidents that have gone wrong.

Listen to the Full Risk Matters X.0 Podcast Episode.


Cybersecurity 101: Lessons Learned from the Colonial Pipeline Cyber Attack

The recent cyber attack on Colonial Pipeline underscores the importance of having a strong industrial cyber program that provides visibility and control over your critical infrastructure. In this webinar, we'll discuss the essential lessons learned from this historic incident and the strategies you can use to defend your Operational Technology (OT) and Industrial Control Systems (ICS).

View Webinar On-Demand


Webinar: OT Cybersecurity – How to Evolve Faster Than Cyber Criminals

Does your in-house cybersecurity team have the bandwidth, experience and equipment to protect your organization against fast-paced cyber criminals? In this webinar, we’ll discuss what your organization needs to know about cybersecurity, how you can gain visibility and control over your OT and Industrial Control Systems (ICS) and the benefit of working with a managed service provider (MSP).

View Webinar On-Demand


Cyber Support: Industrial Cybersecurity – Take Control of IT and OT Risks

We work with maritime, offshore, industrial and government clients to understand their unique operational technology (OT) risks and help them build cybersecurity solutions to reduce the likelihood of an attack. From the earliest concept and design phases to integrating a program into existing operations, we'll help your organization develop and implement the controls you need to manage cyber risk.

Learn How You Can Increase Visibility and Control for OT Assets.

 

About ABS Group

With over 50 years of industry-wide experience in risk and reliability, ABS Group is a premier provider of industrial cybersecurity consulting, implementation and management services, assisting organizations in enhancing their existing cyber risk programs or creating one that fits their individual needs to address national and international cybersecurity standards and guidelines.
