How the Colonial Pipeline Attack Changed the Way We Look at Pipeline IT Security
How the Colonial Pipeline Attack Changed the Way We Look at IT Security
The Colonial Pipeline attack, which shut down a pipeline that transports almost half the fuel supply on the East Coast every day for 11 days, has changed the way businesses across the country look at cybersecurity–and has prompted a White House mandate that will determine what the nation’s leading pipeline companies must do in order to help protect that vital supply chain.
In the wake of the Colonial Pipeline attack and others like it, including the attack against the JBS meat plant, public awareness of cyber threats has risen more than it has in a very long time. The Colonial Pipeline attack created immense disruption, causing panic buying, gasoline shortages, and even potential disruptions to airline travel out of that area. Not only that, Colonial Pipeline paid out a $4.4 million ransom payment to unlock that vital data to foreign hackers–an extraordinary expense that could, for smaller businesses, lead to financial disaster. With this increased awareness of the potential devastation caused by a cyberattack, the nation’s pipelines need to increase their security quickly.
The New Changes to Pipeline IT Security
In light of new directives from the TSA–tasked with taking over pipeline security as the focus shifts to the potential dangers associated with these attacks–pipelines will need to make a number of critical changes.
1. A Cybersecurity Coordinator
Like a Chief Security Officer, a Cybersecurity Coordinator focuses directly on ensuring the security of the pipeline. This coordinator is entirely focused on potential cyber threats and must be available 24/7 to handle any challenges that might impact the pipeline. The Cybersecurity Coordinator must be aware of the organization’s framework, the latest information about cybersecurity challenges, and how to coordinate with the TSA and the Cybersecurity and Infrastructure Security Agency (CISA) in the event of an attack.
2. Evaluating Current Standards
According to the mandate, which was released on May 28, 2021, critical pipeline companies were given 30 days to do a full evaluation of their current security practices and how they line up against the best practices issued by the TSA. Companies must then use that assessment to identify any potential gaps in their current cybersecurity measures and create a mediation plan that will help bring them up to a higher standard, offering a greater level of protection not only to the pipeline itself, but to the people who rely on it.
The TSA’s guidelines include:
Recommendations for Physical Security
Prevention of unauthorized access to the facility, fences without gaps, and clear zones free of obstructions around the fence that can prevent unauthorized access are all critical measures for protecting the basic security of a pipeline both physically and virtually. Unimpeded access to the facility could make it easier for a hacker or terrorist to gain access to vital internal systems.
In addition to the specific screening of candidates to decrease the risk that a potential hacker or terrorist could gain access to the facility by applying, personnel identification requirements include basic factors like how to address lost or stolen ID cards and badges, how to handle personnel termination, and how to govern temporary badges.
The TSA has issued a number of changes to its cybersecurity recommendations to pipelines, including strategies that will allow the pipeline to identify, protect against, detect, and respond to potential threats, as well as recovering from the attack in a timely manner. This may include:
- Specific, individual accounts for each user, limited on the basis of the access they need
- Specific policies and procedures that identify and protect critical data across the organization
- Segregating and protecting pipeline assets from enterprise networks
- Validating technical controls and ensuring that they comply with basic cybersecurity processes
- Implementing alerts that will show any potential threats, including anomalous activity on the network
- Monitoring attempts at unauthorized access
- Conducting vulnerability assessments to identify any potential risks
- Updating cybersecurity policies and protections annually
Bringing Your Organization Into Compliance
Prior to the Colonial Pipeline attack, compliance with basic cybersecurity standards was voluntary. While pipelines had standards they were encouraged to meet, their decision to meet, or not meet, those standards was on an individual basis. Now, pipelines must come into compliance in order to avoid expensive fines and penalties. Not only that, many pipelines are realizing the extent of their vulnerability for the first time, and are eager to help bring their security up to standard to avoid potential disruptions.
Is your organization ready to face down potential cyber threats?
Working with a Reputable Cybersecurity Provider Can Help
You may have an internal IT team that has managed your cybersecurity in the past. If your team doesn’t focus on cybersecurity, however, they may have a hard time coming up to speed on the latest industry needs and challenges. Instead, consider choosing an external cybersecurity provider who can help you protect your vital network and prevent disruption of service to your clients. Your provider can:
- Assess your current vulnerabilities and create a plan to remediate them as soon as possible
- Monitor your networks for potential cybersecurity threats and ensure that those threats are met quickly and effectively
- Provide vital protections that will help prevent threats against your company and your customers
- Keep up with the latest cybersecurity measures and provide you with valuable advice about how you can alter your current security infrastructure to better protect your vital data
- Create a program that will keep your software and security protections up-to-date
- Create effective data backup strategies that will prevent disruption in the event of an attack
- Help you respond in the event of a breach so that you can bring your pipeline back online as soon as possible
Today’s pipelines face more cybersecurity threats than ever before. Having an experienced cybersecurity team on your side can prove essential. Contact HRCT today to learn more about our services and how we can help you create a better layer of security protection around your pipeline, decreasing the odds that you will experience a breach and providing vital protections that will help keep gas flowing through the pipeline even in the event of an attack.