Colonial Pipeline Cyberattack – Will This One Spur Action?

by John Gallagher | May 10, 2021 6:27:29 PM

The ransomware attack and subsequent shutdown of the Colonial Pipeline system on the U.S. East Coast has multiple consequences, mainly negative. Fuel shortages. Higher consumer fuel prices. Plunging share prices. Uncertainty about restarting. Unknown extent of penetration by cyber criminals. In essence, the usual set of bad news that no organization wants to face, especially in critical infrastructure like energy distribution.

One possible good consequence that may emerge is more focused attention on cyber hygiene, a cornerstone of preventing ransomware attacks. Just as the Target breach (which began with credentials stolen from an HVAC contractor) put more attention on IoT cyber hygiene, the Verkada breach brought more attention to the cyber security of physical security systems, and the City of Oldsmar (FL) water supply hack raised awareness of municipal system vulnerabilities, the Colonial Pipeline breach could be the wake-up call needed to take action around geographically distributed networks.

A starting point is to assess your ability to perform what Viakoo refers to as the Cyber Hygiene Trifecta: having all devices on the most secure version of firmware, using certificates on all devices to ensure their identity and encrypt traffic between them, and enforcing password policies to prevent unauthorized access. These three practices remediate the vulnerabilities that cyber criminals use to deliver ransomware and other cyber threats. As we covered in a previous blog, they are also effective in breaking the cyber criminals' kill chain. There are other required elements that feed into these functions, including device discovery and threat assessment, but knowing you can take action to remediate vulnerabilities is fundamental to managing IoT security risks.

Because the number of unmanaged and IoT devices is typically 10x or more that of traditional IT systems, manual methods are out of consideration on grounds of both time and cost. In one study of 8800 IoT devices requiring only firmware updates, it was shown that 86 technicians would have to work full-time simply to keep firmware updated; similarly sized teams would have to be put in place to handle certificate and password management on top of that. Needing 258 full-time people to keep 8800 devices cyber secure is practically beyond the reach of most organizations. Automation is the only viable approach.

Looking at the Colonial Pipeline breach, another consideration is that these devices often run on geographically dispersed networks. Many forms of critical infrastructure, supply chain, and distributed enterprises operate across multiple types of networks, yet need centralized oversight and control. This is where solutions that require “line of sight” to the device are at a significant disadvantage, because of the cost and management overhead of operating within each segmented network. The ability to operate globally and take action locally should be a requirement for maintaining cyber hygiene on distributed IoT systems.

Avoiding being the next organization in the news requires planning, strategy, and the ability to take action. From earlier “wake-up calls” there are now a number of best practices that CISOs and CIOs can take and run with, such as the NIST Cybersecurity Framework, which provides a concise view of what is needed. Central to the NIST framework is the ability to act in remediating vulnerabilities; it is also central to Viakoo’s mission to make things work securely. Register here for a one-on-one demo of the Viakoo Action Platform and see for yourself how automation enables vulnerability remediation at scale.
