Will the Colonial Pipeline Attack Affect IoT Integration?

Find out how Rigzone readers voted in an online poll about pipeline cybersecurity.

In recent years oil and gas companies across the value chain have increasingly integrated digitalization and Internet of Things (IoT) technologies into their facilities. The technologies offer companies robust, real-time operations and maintenance data, but their reliance on wireless networks represents a potential cybersecurity risk.

Last week Rigzone asked its followers on LinkedIn whether they expect the recent Colonial Pipeline cyberattack to slow down IoT integration by pipelines. As the screenshot of the poll question and response breakdown shows, most of the nearly 600 respondents do not anticipate that pipelines will decrease the rate at which they adopt IoT technologies.

[Screenshot: Rigzone LinkedIn poll on the Colonial Pipeline attack and IoT integration]

Some of the individuals who added comments beneath the poll opined that the Colonial event could spur greater adoption by the pipeline industry. “If anything it should be a wake-up call to operators to take a hard look at their own cyber security,” remarked one LinkedIn site visitor. “A lot of the industry is behind the times with their architecture.”

Echoing that comment, another individual remarked that the incident should “propel IIOT (Industrial IoT) adoption since so many aspects deliver IT/OT (information technology/operational technology) security and protocol encryption.”

Pointing out that hacks such as what hit Colonial happen regularly, another commenter stressed that curbing IoT adoption is not the answer. “(T)he answer is forcing IoT manufacturers to implement security measures into the equipment they are trying to sell,” he stated. “IoT devices should have cyber-security second only to what the device is meant to accomplish.”

Rigzone has also obtained additional perspective on the Colonial story and cybersecurity in general from Nick Powers, executive vice president with UNCOMN, LLC, a business-to-business management and technology consulting firm. Read on for excerpts from Rigzone’s recent conversation with Powers.

Rigzone: For starters, please briefly describe how a ransomware attack works.

Nick Powers: Ransomware attacks are typically click-through (an employee clicks on an ad or in an email that is fraudulent and downloads the ransomware to their computer), but in some cases cybercriminals will obtain credentials or brute-force their way into a network to land a payload. Once the payload is on a corporate network, the ransomware acts like a virus infecting the computer systems and network devices, but instead of destroying, it encrypts all the files it touches. The ransomware calls back to its originator to let them know it’s made impact and the cybercriminals reach out to the victim and ask for money, usually some form of cryptocurrency, to buy a decryption key. With the key, the victim can decrypt its files and go back to normal business.

Rigzone: What options do the targeted companies, government entities, etc. have, and should they pay up?

Powers: If a company or entity is impacted, their main course of action is to restore their files from backups. This can be tedious and, depending on the ransom request, there is a business decision to be made on if the effort is worth not paying the ransom. The Federal Bureau of Investigation (FBI) typically tells companies not to pay the ransoms, but the FBI isn’t necessarily offering to protect everyone’s company and back up their files, so it ultimately is a business decision. Unfortunately, the cybercriminals are constantly evolving, and with DarkSide their version of ransomware exfiltrates the company’s data as well as encrypts it. This means that DarkSide has the company’s data and there is an additional incentive for the company to pay the ransom. In general, there has been a 31% increase in ransomware attacks over the last six months or so. In many cases companies are paying the ransoms.

Rigzone: Given the Colonial incident, do you see any implications for the rate at which pipelines and other major industrial infrastructure owners will continue to integrate IoT technologies into their systems?

Powers: It remains to be seen how the Colonial attack will impact the oil and gas industry going forward. The U.S. Department of Homeland Security is in charge of protecting the country’s infrastructure and has regulations and requirements they recommend and in some cases, as with the electric utility industry, routinely audit. I think we will see a more stringent requirement put on oil and gas going forward, but it will take time for the industry to adapt, build those additional costs into their operations, and ultimately become more secure. For the utilities I have been able to talk with, they are typically operating their industrial infrastructure in closed systems that let very little information be exposed to the Internet. With Colonial, the cybercriminals did not “hack” the pipeline or IoT devices; they landed ransomware into the corporate operations of Colonial. As a result of the widespread infection, Colonial chose to shut down its pipeline to ensure no spillage from their corporate networks infected their industrial networks.

Rigzone: What do you see as the biggest takeaways from this entire episode?

Powers: I see more potential government regulation, and hopefully public outcry that it’s no longer acceptable for cybercriminals to continue to get away with these cybercrimes. If we have pirates raiding ships on the northeast coast of Africa, we load up billion-dollar warships and set sail to intercept. We protect our trade routes and attack those pirates until they go away. We work with our international partners to freeze funds and arrest the criminals. With cybercriminals, we are just now starting to see initiatives aimed at international coordination to snuff out these crimes, but we haven’t seen a concerted effort – at least not visibly. The Biden administration has taken steps to work to coordinate with our allies internationally, but it remains to be seen how that cooperation will come together. Companies need to take cybercrimes, especially ransomware, seriously and employ means to protect themselves. It will be imperative for threat intelligence sharing forums to be utilized so industries can coordinate and be prepared to take on future cyber threats as well. After the devastating weather impacts on natural gas lines over the last winter and now the attack on Colonial, our nation’s infrastructure is in the spotlight and the resiliency of it is in question. Increasing the resiliency of our nation’s infrastructure has to be made a priority.

To contact the author, email mveazey@rigzone.com.


