As we have seen since May 7, cybersecurity of critical infrastructure has taken a front seat in the national conversation. We are living through a cybersecurity incident that extends well beyond the confines of the operational environment and into the nation’s daily life. We are all witness to how debilitating a cyber incident can be.
While the full impact of the Colonial Pipeline incident continues to be determined, here’s what we know:
- Colonial Pipeline, the largest fuel pipeline system in the United States, extends 5,500 miles and stretches from New York to Texas. It can carry 3 million barrels of fuel per day between Texas and New York, and it was forced to shut down May 7 after a group of hackers now identified as DarkSide infiltrated its networks.
- Colonial Pipeline was forced to shut down its entire operations for five days as a mitigation method.
- The shutdown prompted regional gasoline shortages, which caused temporary price spikes.
- Colonial Pipeline paid $5 million in ransom to regain access to its network.
The federal government has responded with a significant move in President Biden’s latest executive order (EO). It reaches deeper into the private sector and delves into significantly more focus on operational technology (OT). Highlights of the EO:
- Removes barriers to sharing of threat information between government and the private sector.
- Modernizes and implements stronger cybersecurity standards and models in the federal government.
- Improves software supply chain security.
- Establishes a cybersecurity review board.
- Creates a standard playbook for responding to cyber incidents.
- Improves detection of cybersecurity incidents on federal government networks.
- Improves investigative and remediation capabilities.
But the question for operators of critical infrastructure is how to protect and mitigate the cybersecurity risk and maneuver through the changing cyber policy landscape.
1898 & Co. advises a multipronged approach to OT cybersecurity — identify, protect, detect, respond and recover. The first focus on protection deals with changing the way OT looks at the current cybersecurity model — from perimeter-based to zero-trust. Traditional perimeter-based security models that rely on implicit trust and network access are falling short of protecting the connected infrastructure needed for digital transformation and grid modernization. A zero-trust security approach to OT/ICS/SCADA networks and operations can reduce risk by having users and devices authenticated with each access point before receiving access. The new EO specifically calls for the implementation of zero-trust security as one of the primary mechanisms to defend critical assets.
Supplementing the OT zero-trust security model with monitoring is imperative. Having visibility to the most critical assets and monitoring those assets can enable operators to detect breaches and intrusion when all preventive protection fails. Furthermore, monitoring and subsequent detection allow for better informed decisions to contain an attack.
The third area of focus is on the response to the intrusion. An operator’s plan for how to respond to an incident will make a difference in the overall impact of an event. It is recommended to have an incident response retainer in place that offers the opportunity for the organization to walk through scenarios and determine the course of action so it will not be caught unprepared. The 1898 & Co. Incident Response retainer also focuses on incident preparedness in a proactive manner, which is key to efficient execution of the incident response plan.
As cybersecurity continues to rank as a top business continuity risk, we encourage everyone in critical infrastructure to take proactive steps toward preparedness and resiliency.
1898 & Co. and Xage Security recently conducted a joint webinar that discussed the benefits of the zero-trust security approach to OT/ICS/SCADA networks and operations.