
Lessons Learned from the Colonial Oil Pipeline Hack

Posted by Ryan Kim on May 14, 2021 11:07:52 AM

The digital transformation has led to an increasingly virtual way of life. COVID-19 has fueled growth in the digital landscape further by sending many employees out of the office to work at home. This has created the problem of securing the Internet of Things and protecting the enormous attack surface composed of a myriad of different devices. With so many employees working from home, the number of cybersecurity breaches has soared.

Ransomware has gained popularity since the digital transformation began. The cost of ransomware was $20B in 2020, up from $11.5B in 2019 and $8B in 2018, and cyberexperts.com expects the trend to keep rising. Preventing ransomware requires cybersecurity awareness and preparation: anti-malware programs, secure passwords, timely patching, and secure routers, VPNs, and Wi-Fi. Most important of all, do not fall for the phish, and be sure to back up sensitive data. We've detailed 5 best cybersecurity practices for working from home in response to this outbreak.

Despite the best efforts of cybersecurity practitioners, hackers continue to find ways around our defenses, forcing us to constantly innovate new deterrents and preventative measures, as the Colonial oil pipeline hack shows. The pipeline fell victim to a ransomware attack carried out by the Russian hacker group DarkSide. The ransomware encrypted data on several of its corporate systems, forcing the pipeline to shut down as a precautionary measure. The Colonial Pipeline carries petroleum from the Gulf of Mexico through the Southern U.S. and up the eastern seaboard, and it is considered a main fuel artery for gas, heating oil, and jet fuel for many major airports and military bases.

Lessons you can learn from the attack 

In the Colonial pipeline hack, the ransomware appears to have damaged only the internal corporate systems (the IT network). The operational technology (OT) network, the industrial controllers, and the other equipment used to interact with the pipeline itself were not affected. This underscores the necessity of separating IT and OT networks through air-gapping and multiple layers of network security. Separating the two generally prevents hackers from turning a bad scenario into a public safety emergency. In this case, despite that separation, the attack still caused one of the nation's main oil pipelines to shut down.
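The separation described above only holds if the rule set between the zones enforces it. The following script is an added example (not RIVA's code, and not anything from the Colonial incident) that audits a constructed firewall rule set for flows that cross the IT/OT boundary without passing through the DMZ, and checks that the set ends in a default-deny rule. The zone ladder, the rule format and the sample rules are assumptions made for illustration.

```python
"""Audit a firewall rule set for paths that let traffic cross the IT/OT
boundary without passing through the DMZ. Added example: the zone model, the
rule format and the sample rules below are constructed for illustration."""
from dataclasses import dataclass
from typing import List

ANY_PORT = 0  # constructed convention: port 0 means "any port"

# Zones ordered from least to most sensitive; a permitted flow may move
# at most one step along this ladder, so every IT <-> OT path lands in the DMZ.
ZONES = ["internet", "it", "dmz", "ot"]


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    port: int      # destination TCP port, or ANY_PORT
    action: str    # "allow" or "deny"


def audit(rules: List[Rule]) -> List[str]:
    """Return one finding per rule that undermines IT/OT segmentation."""
    findings: List[str] = []
    for r in rules:
        if r.action != "allow":
            continue
        if "any" in (r.src_zone, r.dst_zone):
            findings.append(f"{r.src_zone}->{r.dst_zone}:{r.port} allows an unscoped zone")
            continue
        hops = abs(ZONES.index(r.dst_zone) - ZONES.index(r.src_zone))
        if hops > 1:
            findings.append(
                f"{r.src_zone}->{r.dst_zone}:{r.port} crosses {hops} zone boundaries, bypassing the DMZ"
            )
        elif r.dst_zone == "ot" and r.port == ANY_PORT:
            findings.append(f"{r.src_zone}->ot allows every port into OT")
    # Deny-by-default: the rule set must end with an explicit catch-all deny.
    if not rules or rules[-1] != Rule("any", "any", ANY_PORT, "deny"):
        findings.append("rule set does not end with a deny-all (default-deny) rule")
    return findings


# Constructed sample rule set with two deliberate segmentation mistakes.
SAMPLE_RULES = [
    Rule("internet", "it", 443, "allow"),   # users reach enterprise web services
    Rule("it", "dmz", 443, "allow"),        # IT reads the historian mirror in the DMZ
    Rule("dmz", "ot", 502, "allow"),        # DMZ historian polls controllers (Modbus/TCP)
    Rule("it", "ot", 3389, "allow"),        # RDP straight from IT into OT: finding
    Rule("ot", "internet", 443, "allow"),   # controllers talking to the internet: finding
    Rule("any", "any", ANY_PORT, "deny"),   # default deny
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print("FINDING:", finding)
```

Run against the sample set, the audit reports the direct IT-to-OT RDP rule and the OT-to-internet rule; removing those two rules yields a clean report, and dropping the trailing deny-all produces the default-deny finding.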

There are many global threat actors, including terrorists, criminals, hackers, organized crime, and other malicious individuals. Hackers often seek unsecured ports on industrial systems connected to the internet. IT/OT/ICS supply chains in critical infrastructure (CI) can be particularly vulnerable: they cross-pollinate and offer attackers many points of entry, and older legacy OT systems were not designed to protect against cyber-attacks.

To help improve defenses, critical infrastructure operators should apply a comprehensive risk framework that addresses the vulnerabilities introduced by OT/IT convergence, including "security by design," defense in depth, and zero trust, to counter cyber threats.

Other mitigations rely on newer technologies that monitor, alert on, and analyze activity in the network. Artificial intelligence and machine learning tools can help provide visibility and predictive analytics. It is also ideal to diversify and multi-source suppliers in case one is breached. Preparation and redundancy are helpful in crisis scenarios. But, as with most issues in cybersecurity, protection comes down to people, vigilant processes, and technologies, with the risk factors constantly being reviewed.

RIVA Cybersecurity best practices 

RIVA's cybersecurity experts employ several best practices in pursuit of client goals and objectives. Our experts have been instrumental in improving cybersecurity processes on a number of different contracts by employing methodologies that could have proved helpful in the case of the Colonial pipeline hack.

Immutable Infrastructure: This is an infrastructure paradigm in which servers are never modified after deployment. If something needs to be updated in any way, we provision new servers built from a common image with the appropriate changes to replace the old ones. After validation, they are put into use, and the old ones are decommissioned. 

The benefits of immutable infrastructure include: 

  • More consistency and reliability in your server infrastructure and a simpler, more predictable deployment process 
  • Mitigation or prevention of issues that are common in mutable infrastructures, like configuration drift and snowflake servers 
  • Using it effectively requires comprehensive deployment automation, fast server provisioning in a cloud computing environment, and solutions for handling stateful or ephemeral data, like logs 
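The configuration drift that immutable infrastructure is meant to eliminate can be measured directly. The script below is an added example (not RIVA's tooling) that compares a golden-image manifest of file digests with the state observed on a running server, ignores ephemeral paths such as logs, and applies the immutable rule that any drift means rebuilding from the image rather than patching in place. The manifest format, the file contents and the paths are constructed for illustration.

```python
"""Detect configuration drift between a golden image manifest and a running
server, the drift that immutable infrastructure replaces servers to avoid.
Added example: the manifest format, the file contents and the paths are
constructed; a real manifest would be produced when the image is built."""
import hashlib
from typing import Dict, Iterable, List


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Map each path to the digest of its content (what the image build records)."""
    return {path: sha256(content) for path, content in files.items()}


def detect_drift(golden: Dict[str, str], observed: Dict[str, str],
                 ephemeral_prefixes: Iterable[str] = ("/var/log/",)) -> Dict[str, List[str]]:
    """Compare observed state to the golden manifest. Paths under ephemeral
    prefixes (logs, caches) are expected to differ and are ignored."""
    prefixes = tuple(ephemeral_prefixes)
    drift: Dict[str, List[str]] = {"modified": [], "added": [], "removed": []}
    for path, digest in observed.items():
        if path.startswith(prefixes):
            continue
        if path not in golden:
            drift["added"].append(path)
        elif golden[path] != digest:
            drift["modified"].append(path)
    for path in golden:
        if path not in observed and not path.startswith(prefixes):
            drift["removed"].append(path)
    for key in drift:
        drift[key].sort()
    return drift


def must_replace(drift: Dict[str, List[str]]) -> bool:
    """Immutable rule: any drift means rebuild from the image, never patch in place."""
    return any(drift.values())


# Constructed golden image contents and the state observed on a long-running server.
GOLDEN_FILES = {
    "/etc/ssh/sshd_config": b"PasswordAuthentication no\nPermitRootLogin no\n",
    "/opt/app/bin/app": b"\x7fELF...release-42",
    "/etc/app/config.yaml": b"listen: 127.0.0.1:8080\n",
}
OBSERVED_FILES = {
    "/etc/ssh/sshd_config": b"PasswordAuthentication yes\nPermitRootLogin no\n",  # hand-edited
    "/opt/app/bin/app": b"\x7fELF...release-42",
    "/usr/local/bin/helper": b"#!/bin/sh\necho hi\n",                           # not in the image
    "/var/log/app.log": b"started\n",                                            # ephemeral, ignored
}
# /etc/app/config.yaml is absent from the observed state and is reported as removed.

if __name__ == "__main__":
    report = detect_drift(build_manifest(GOLDEN_FILES), build_manifest(OBSERVED_FILES))
    print(report, "replace:", must_replace(report))
```

In a real deployment the golden manifest is produced once at image build time and shipped with the image; a drifted server is replaced from that image rather than edited, which is what keeps the hand-edited `sshd_config` above from silently becoming the new normal.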

Zero Trust Security: Instead of assuming everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an open network. Regardless of where the request originates or what resource it accesses, Zero Trust teaches us to "never trust, always verify." Every access request, regardless of origin, is fully authenticated, authorized, and encrypted before access is granted.

The principles of Zero Trust Security include: 

  • Verify explicitly: Always authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies 
  • Use least privileged access: Limit user access with just-in-time and just-enough-access (JIT/JEA), risk-based adaptive policies, and data protection to help secure both data and productivity 
  • Assume breach: Minimize blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses 
  • Default-closed/deny-by-default security posture 

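The four principles above can be expressed as one policy decision function. The following is an added example (not RIVA's code and not any product's API) of a minimal zero-trust policy decision point: each request is verified explicitly on identity, device posture, channel encryption and risk signals regardless of where it originates, access requires a time-boxed least-privilege grant for the exact action, and the fall-through answer is deny. The request schema, the grant model and the sample data are constructed assumptions.

```python
"""Minimal zero-trust policy decision point. Every request is verified
explicitly (identity, device posture, risk signals, encrypted channel),
access requires a time-boxed least-privilege grant, and the default answer
is deny. Added example: the request schema, grant model and sample data are
constructed and are not RIVA's or any product's."""
from dataclasses import dataclass, field
from typing import FrozenSet, List, Tuple


@dataclass
class Request:
    user: str
    resource: str
    action: str
    now: int                       # epoch seconds at which the request arrives
    mfa_verified: bool
    device_compliant: bool
    channel_encrypted: bool
    origin: str = "unknown"        # recorded for audit only; never grants trust
    risk_signals: List[str] = field(default_factory=list)


@dataclass(frozen=True)
class Grant:
    """A just-in-time, just-enough grant: explicit actions, explicit expiry."""
    user: str
    resource: str
    actions: FrozenSet[str]
    expires_at: int


def decide(req: Request, grants: List[Grant]) -> Tuple[bool, str]:
    """Return (allowed, reason). Assume breach: nothing is trusted for where it came from."""
    # Verify explicitly: every signal is checked on every request, including from "corp".
    if not req.mfa_verified:
        return False, "deny: identity not verified with MFA"
    if not req.device_compliant:
        return False, "deny: device posture not compliant"
    if not req.channel_encrypted:
        return False, "deny: request not on an encrypted channel"
    if req.risk_signals:
        return False, "deny: risk signals present (" + ", ".join(req.risk_signals) + ")"
    # Least privilege: only a matching, unexpired grant for this exact action permits access.
    for g in grants:
        if g.user != req.user or g.resource != req.resource or req.action not in g.actions:
            continue
        if g.expires_at <= req.now:
            return False, "deny: JIT grant expired"
        return True, f"allow: grant on {g.resource} for {req.action} until {g.expires_at}"
    # Default closed: no matching grant means no access, whatever the origin.
    return False, "deny: no matching grant (default deny)"


# Constructed sample data: one short-lived read grant for alice on the payroll system.
GRANTS = [Grant("alice", "hr-payroll", frozenset({"read"}), expires_at=1_000)]


def sample_requests() -> List[Request]:
    base = dict(resource="hr-payroll", now=500, mfa_verified=True,
                device_compliant=True, channel_encrypted=True)
    return [
        Request(user="alice", action="read", origin="vpn", **base),            # allow
        Request(user="alice", action="write", origin="corp", **base),          # no write grant
        Request(user="bob", action="read", origin="corp", **base),             # no grant at all
        Request(user="alice", action="read", **{**base, "now": 1_500}),        # grant expired
        Request(user="alice", action="read", **{**base, "mfa_verified": False}),
        Request(user="alice", action="read", risk_signals=["impossible_travel"], **base),
    ]


if __name__ == "__main__":
    for r in sample_requests():
        print(r.user, r.action, r.origin, "->", decide(r, GRANTS)[1])
```

Note that `origin` is carried for logging but never consulted by `decide`: a request from the corporate LAN without MFA or with a non-compliant device is denied exactly as one from the open internet would be, which is the practical meaning of "never trust, always verify."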

Automated Software Delivery Pipeline: A delivery pipeline is so named because it allows code to flow through a consistent, automated sequence of stages, where each stage tests the code from a different perspective. Each successive stage becomes more production-like in its testing and provides more confidence in the code as it progresses through the pipeline. The goal is unattended automation that minimizes or even eliminates human intervention.

The benefits of an automated software delivery pipeline are:

  • By providing automation, a pipeline removes the need for expensive and error-prone manual tasks.
  • New team members can get started and become productive faster because they don't need to learn a complex development and test environment.
  • Teams can detect any code that is not fit for delivery, then reject the code and provide feedback as early as possible.
  • It provides visibility into and confidence in the code as it progresses through successive stages where the testing becomes more like production.
  • It removes the need for involvement from too many team members in production deployments.

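The gating behaviour described above (reject unfit code as early as possible, let each later stage be more production-like, and keep people out of the deployment path) is shown in the added example below. It is not RIVA's pipeline or any CI product's API; the stage checks are constructed stand-ins for a real static analyser, test suite, dependency scanner and staging smoke test. One point the prose does not spell out is carried by the digest check: the artifact promoted to production must be byte-for-byte the artifact every stage tested.

```python
"""A gated delivery pipeline: each stage inspects the same build artifact,
fails fast with feedback, and the artifact promoted to production is
verified by digest to be the one every stage tested. Added example: the
stages, the checks and the sample artifacts are constructed placeholders
for real linters, test suites and scanners."""
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Artifact:
    name: str
    content: bytes

    @property
    def digest(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


# A stage returns (passed, feedback) and only reads the artifact; it never rebuilds it.
StageCheck = Callable[[Artifact], Tuple[bool, str]]


def run_pipeline(artifact: Artifact, stages: List[Tuple[str, StageCheck]]) -> Dict:
    """Run stages in order; stop at the first failure so later, more
    production-like (and more expensive) stages never see unfit code."""
    result: Dict = {"digest": artifact.digest, "passed": [], "failed_at": None, "feedback": ""}
    for name, check in stages:
        ok, feedback = check(artifact)
        if not ok:
            result["failed_at"] = name
            result["feedback"] = f"{name}: {feedback}"
            return result
        result["passed"].append(name)
    return result


def can_promote(artifact: Artifact, result: Dict, stages: List[Tuple[str, StageCheck]]) -> bool:
    """Promote only a fully passed artifact whose bytes match the tested digest."""
    return (result["failed_at"] is None
            and result["passed"] == [name for name, _ in stages]
            and artifact.digest == result["digest"])


# Constructed stage checks standing in for real tools.
def static_analysis(a: Artifact) -> Tuple[bool, str]:
    if b"password=" in a.content:
        return False, "hard-coded credential found"
    return True, "ok"


def unit_tests(a: Artifact) -> Tuple[bool, str]:
    if b"def main" not in a.content:
        return False, "entry point missing, test suite cannot start"
    return True, "ok"


def dependency_audit(a: Artifact) -> Tuple[bool, str]:
    if b"import legacy_ssl" in a.content:   # constructed name for a banned dependency
        return False, "dependency with known weaknesses"
    return True, "ok"


def staging_smoke(a: Artifact) -> Tuple[bool, str]:
    if len(a.content) >= 10_000:
        return False, "artifact exceeds staging size budget"
    return True, "ok"


STAGES = [("static-analysis", static_analysis), ("unit-tests", unit_tests),
          ("dependency-audit", dependency_audit), ("staging-smoke", staging_smoke)]

# Constructed artifacts: a clean build, a build with a leaked secret, and a
# post-test edit of the clean build that must not be promoted on the clean result.
GOOD = Artifact("app-1.0", b"def main():\n    return serve()\n")
LEAKY = Artifact("app-1.1", b"def main():\n    db_password='hunter2'\n")
TAMPERED = Artifact("app-1.0", GOOD.content + b"\n# edited after testing\n")

if __name__ == "__main__":
    for art in (GOOD, LEAKY):
        res = run_pipeline(art, STAGES)
        print(art.name, res["passed"], res["failed_at"], res["feedback"])
    print("promote tampered:", can_promote(TAMPERED, run_pipeline(GOOD, STAGES), STAGES))
```

The leaky build is stopped at the first stage with actionable feedback and never reaches the staging stage; the tampered build fails `can_promote` even though it shares a name with the clean one, because its digest no longer matches the tested result.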

Learn More 

RIVA's experts maintain constant vigilance against potential cyber threats. To learn more about our past performance and capabilities, visit us on our website. Follow us on social media to keep up to date with RIVA news and get an in-depth look into our unique culture.
