Pipeline ransom attack exposes risk of digitising US infrastructure

Drivers on the East Coast of the United States have learned to endure problems when they hit their most important fuel artery, the Colonial Pipeline. A Hurricane It will shut down in 2017. explosion Volume stopped the previous year.

But last week, drivers lined up at a gas station because of another danger. A hacker infected the pipeline’s information technology system with ransomware, causing owners to stop the flow of 2.5 million barrels of petroleum products per day.

The· attack He revealed that the promotion of digitalization of critical infrastructure is creating new opportunities for cybercriminals and endangering essential products and services such as energy, water and healthcare. Chris Williams, Cyber ​​Solutions Architect at Capgemini North America, said:

Digitization will allow industrial companies and utilities to increase efficiency by increasing oversight and control of the 5,500-mile vast business of the Colonial Pipeline through a network that branches from Texas to New Jersey. I did.

However, older operational technology systems installed in front of the Internet tend to be out of security and can be difficult to upgrade. A vulnerability in an office IT system could provide an entry point for hackers to track control systems later. According to analysts, digital adoption is inconsistent with a sufficient investment in cyber defense.

“Many OT systems do not yet have basic security controls,” said Simon Hodgkinson, a former Chief Information Security Officer at BP and a board advisor to the IT security group Relianceacsn.

Since 2019, important US infrastructure targets have been hit by about 700 ransomware attacks, including 100 this year, according to data from Temple University in Philadelphia. A hacker in February broke into a Florida city’s water supply, but this month caused confusion in a San Diego hospital chain. Last year, hackers forcibly shut down an unnamed natural gas compressor station, according to US cyber officials.

Matias Katz, CEO of cybersecurity group Byos, estimates that only a quarter of traditional infrastructure businesses, such as oil and gas, utilities and healthcare, are responding appropriately to attacks. doing. According to a recent survey by Siemens, only 31% of utilities violation..

“The problem is that unquoted’old schools’ move much faster than in industries that are accustomed to moving,” Katz said. “Therefore, there are already new attacks and new threats at different speeds and before the slow-moving industry catches up.”

However, reconfiguring traditional security systems to account for the ever-changing nature of cyber threats is costly. Padraic O’Reilly, Infrastructure Cyber ​​Security Advisor and co-founder of cyber-risk company Cyber ​​Saint, said companies avoided “patching” or “snap-on” security systems and incorporated security. He said he needed to move to a new system. “The problem with that is that it’s very expensive,” he said.

The pipeline infrastructure is primarily operated by private capital. In short, there are often moves to reduce costs when possible.

Amy Myers Jaffe, a professor at the Fletcher School at Tufts University and the author of the book, said: Digital future of energy.. “And if you cut costs without paying close attention to the vast security requirements, it’s dangerous.”

Joe Biden’s administration has taken steps to tighten Cyber ​​security For important projects. This week, the US President said he would link $ 20 billion in infrastructure investment under the proposed American Jobs Plan to efforts to modernize cybersecurity.

National security risks blur the line between private and public needs, ensuring critical infrastructure companies are prepared for attacks and helping them respond in the event of an attack. , The government is calling for more to do. Colonial CEO Joseph Brant told The Wall Street Journal this week that paying a $ 4.4 million ransom is “the right thing for the country.”

“I think it’s a boundary we’ve artificially maintained ….. Blackberry Chief Information Security Officer and former FBI Director John McClurg said:

The oil and gas sector has been criticized for loose cybersecurity regulations. The standards for pipeline infrastructure in the United States are set by the Transportation Security Administration, the government agency responsible for airport screening. In the past, there was a shortage of personnel and funds. Until last year, there were only six dedicated staff in charge of pipeline security, but since then it has increased to 34.

Rich Glick, chairman of the Federal Energy Regulatory Commission, responsible for setting cybersecurity rules for the power grid, said Said Strict cyber regulations were applied to the power grid last week, but the nearly three-million-mile pipeline in the United States “has no equivalent mandatory standards.”

FERC Commissioner Neil Chatterjee said responsibility should be removed from the TSA and transferred to the US Department of Energy. “I was worried about the economic and national security implications of such an attack, and we are seeing what happened in the colonial and in real time,” he said.

The American Petroleum Institute, an oil lobby group, hopes that future cybersecurity policies will “focus on improving information sharing and collaboration between the public and private sectors,” and API operational security and urgency. Correspondence manager Suzanne Lemieux said.

But in Washington, government agencies could go further. Calling Colonial Pipeline Hack a “clear reminder” of the need to strengthen critical infrastructure, US Secretary of Energy Jennifer Granholm said on Wednesday, “Approaching security in the face of the evolution of risk in the 21st century. And to reassess the authorities we can impose in the event of this type of emergency. “

Twice a week newsletter

Energy is an indispensable business in the world, and the source of energy is its newsletter. Every Tuesday and Thursday, directly in your inbox, Energy Source provides important news, advanced analytics, and insider intelligence. Sign up here..

Pipeline ransom attack exposes risk of digitising US infrastructure Source link Pipeline ransom attack exposes risk of digitising US infrastructure

Related Articles

Back to top button