Over the weekend, the Alpharetta-based Colonial Pipeline was hit by an extensive ransomware attack that shut down its information technology (IT) and industrial operational technology (OT) systems. Simply put, an all-too-common ransomware event targeting IT systems encouraged a voluntary shutdown on the production side (OT) of the business to prevent further exposure. Colonial Pipeline is responsible for 45% of the gasoline, diesel fuel and natural gas transported from Texas to New Jersey. A shutdown of this magnitude has the potential to cause a negative economic impact, and it reiterates the need to safeguard our critical industrial systems.
In today’s global quest for more data, incremental efficiency gains and the application of artificial intelligence (AI), numerous industries are connecting their OT systems to both the internet and other IT systems. For Colonial, the incident appears to be isolated to IT functions, but the nature of a converged environment presents implications for operations. Here are a few solutions to consider that can mitigate cyber risk (IT) and production risk (OT):
Increasing IT and OT Visibility
Beyond this specific event, industrial companies and utilities are increasingly becoming targets for cybercriminals because there is often limited visibility and monitoring of the OT devices on their industrial networks. Additionally, with IT and OT beginning to converge and more devices becoming accessible, there is a need to have complete visibility from the C-suite to the sensor. Here we saw the direct impact of an IT event on OT systems, which reinforces the importance of maintaining visibility of assets across your entire network.
Government Support
Recently, the Biden administration issued a 100-day sprint to identify weaknesses in electrical infrastructure along with a Request for Information (RFI) from the Department of Energy (DOE) regarding supply chain risks to the U.S. electric system. In parallel, recent Senate bill S.914 addresses wastewater infrastructure, which further echoes the need for a concerted effort to safeguard our critical systems. Funding, grants, tax or stimulus incentives should be available to those companies implementing strong security hygiene. There should also be reassessment and regular conversations between utility peers on best practices, frameworks and internal policies.
Resources for Industrial Security Teams
We also know that security teams are becoming overwhelmed and, in some cases, are not properly resourced to manage solutions and data coming from multiple devices across IT and OT environments. For this reason, many have become more reliant on managed services like ExpertOps or providers to manage multiple solutions.
This event (and many others) has shown us that when it comes to securing an IT-OT environment, it all starts with visibility. You can’t protect what you can’t see. Tripwire solutions are designed to provide you both IT and OT controls to enhance, augment and improve your cybersecurity posture. With Tripwire’s suite of integrated solutions, you can easily extend your IT controls into your OT network and OT controls into your IT networks, providing you with a holistic and unified view and approach to cybersecurity. You can find out more about Tripwire’s solutions at www.tripwire.com.