On May 8th, I was at a gas station filling up my car before a trip I was taking when the news about a cyberattack against a large pipeline company broke. The attack led them to halt all operations. Ultimately, the incident stemmed from a ransomware infection in which a well-known threat actor took volumes of corporate data in just two hours and made their demands, including the threat to block and encrypt the company’s network. They even threatened to release the data to the internet. This was a moment of reckoning for the company and a scary place to be.

From IT to OT, a Possibility

The ransomware referenced above reportedly affected the pipeline company’s corporate IT network, not its OT network. Therefore, it did not affect fuel distribution operations directly. However, as a precautionary measure, the company halted operations. Taking certain systems offline is a good preventative measure, as it’s possible for threat actors to gain access to OT environments laterally from IT environments. This practice is becoming commonplace as a result of the IT-OT convergence. Regardless, this is another example of how IT attacks can impact industrial operations. In the larger context of industrial operations and critical infrastructure, these cases can lead to all sorts of socio-economic problems that directly impact the lives of many people.

The ransomware event at this pipeline company underlines the urgency for critical infrastructure operators to safeguard their operations and OT. Attacks on critical infrastructure are rising, and even where operational disruption is not the attackers’ main goal, these cyber events often have an impact on availability and safety. On the heels of the Biden administration’s 100-day plan to address U.S. energy infrastructure, this attack puts the need for industrial cybersecurity into focus yet