Cyber Risk Management Advisory for Critical Infrastructure Worldwide
Analysis and Recommendations for Industrial Operations Following the Colonial Pipeline Shutdown
(Houston) – ABSG Consulting Inc. (ABS Consulting), a leading global operational risk management company and a provider of industrial cybersecurity consulting, implementation and management services, is issuing an advisory following the recent Colonial Pipeline cyber attack. The event significantly impacted enterprise functions, critical infrastructure and industrial operations, forcing substantial parts of the pipeline to shut down for several days.
This cyber attack has far-reaching implications not only in the oil and gas market but across several industries, including power, energy, maritime, offshore and manufacturing. This strategic attack is an example of how cyber criminals can swiftly disable operations and effectively impact businesses, the public and the Nation’s economy.
“We have seen a significant increase in cyber attacks aimed at disrupting industrial operations; however, most of these attacks are under-reported. Threat actors are customizing their attacks to Operational Technology (OT) networks, significantly increasing operational and safety risks. In many cases, the primary target is Information Technology (IT) but because the OT environment is so closely connected, this all too often leads to operational disruption,” says Ian Bramson, Global Head of Cybersecurity at ABS Consulting.
“The Colonial Pipeline attack highlights the urgent need for enhanced cybersecurity measures to better protect critical functions and infrastructure. Unfortunately, this is the tip of the iceberg; these types of attacks are escalating and as seen with this incident, can have significant supply chain impacts. This will certainly affect multiple markets, prompt new cyber regulations and has already prompted an executive order from the White House,” added Bramson.
Mitigation for Your Organization
The cyber attack on Colonial Pipeline emphasizes the need for better visibility and control over critical cyber assets. As stated in President Biden’s Executive Order, “The private sector must adapt to the continuously changing threat environment.” The nature of the threat is constantly evolving which is why managing an organization's unique cyber risk requires both industrial cybersecurity expertise and in-depth knowledge of how operational networks and systems work in different industrial environments. In alignment with guidance from the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, ABS Consulting recommends several mitigation strategies, including:
- Boundary Protections - Manage what goes in and out of IT and OT networks.
- Access Control - Limit/control the movement within IT and OT networks.
- Segmentation - Manage the people and devices that can access networks.
- Monitoring - Detect and confirm potential intrusions.
- Policy Management - Customize policies based on network needs.
- Asset Management - Inventory and management of critical cyber assets.
- Backup Management - Confirm up-to-date copies of network data.
- Configuration Management - Detect changes made to industrial control devices, including Programmable Logic Controllers (PLC) and log information through Management of Change (MOC) documentation.
A strong cybersecurity program enables an organization to protect, defend, detect and respond to cyber incidents. A key part of this is the visibility into what cyber assets exist, where the vulnerabilities are and in the event an OT system has been exploited, how to effectively respond. A remote monitoring system with 24/7/365 monitoring of industrial networks is the most effective way to do this.
Stay informed about this ongoing investigation with timely news and updates compiled by the ABS Consulting
Additional Resources and Information
- Risk Matters X.0 Podcast (Ep.13) - The Casualties of Cyber War: Exploring the Colonial Pipeline Shutdown
- Risk Matters X.0 Podcast (Ep.12) - Cyber in the Supply Chain: When Things Go Wrong
- Webinar - OT Cybersecurity: How to Evolve Faster Than Cyber Criminals
- Webinar - Cybersecurity 101: Lessons Learned from the Colonial Pipeline Cyber Attack
- Cyber Support - Industrial Cybersecurity – Take Control of IT and OT Risks
About ABS Consulting
ABSG Consulting Inc. (ABS Consulting) is part of ABS Group of Companies, Inc. (www.abs-group.com), which is a wholly-owned subsidiary of ABS (www.eagle.org), one of the world’s leading marine and offshore classification societies. The subsidiary was recently named one of America’s Best Consulting Firms of 2022 by Forbes. With over 50 years of risk management and safety experience, ABS Consulting provides data-driven risk and reliability solutions and technical services that help clients confirm the integrity, quality and efficiency of critical assets and operations. Headquartered in Spring, Texas, ABS Consulting operates with more than 1,000 professionals across the globe serving the marine and offshore, oil, gas and chemical, government, power and energy and industrial sectors.