Why IT-Based Ransomware Matters for ICS Operations – Colonial Pipeline Ransomware Attack

Created: Tuesday, May 11, 2021 - 14:29
Categories:
Cybersecurity

Ransomware attacks are relevant to all organizations, regardless of the targeting set/victimology or targeted system (IT or OT) of the ransomware group/family attributed to any given incident. For every cyber threat group that claims it doesn’t target particular sectors or types of organizations, there are many more groups that do not espouse similar tenets. For example, while Darkside proclaims to only support targeting high-value victims capable of paying outrageous demands, many other ransomware groups are indiscriminate and opportunistic and project no such illusion.

Details notwithstanding, the Colonial Pipeline incident is perhaps one of the most impactful known attacks (if not the most impactful) against U.S. critical infrastructure thus far. And while it does not come as another “wake-up call” for the cybersecurity community, critical infrastructure owners and operators across all sectors are urged to take notice, as it represents another example of how OT environments can be adversely affected even if malware does not propagate beyond IT systems. Furthermore, what is occurring at Colonial Pipeline bears resemblance to the LockerGoga incident response at Norwegian aluminum production giant Norsk Hydro in March 2019. Likewise, similar to Oldsmar (and Norsk Hydro), the Colonial Pipeline incident presents another opportunity for members to exercise (or develop) their incident response (IR) plans in response to someone else’s incident.

According to #11 – Plan for Incidents, Emergencies, and Disasters from WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities, an effective cyber incident response (IR) plan will limit damage, increase confidence of partners and customers, and reduce recovery time and costs. Developing and practicing plans in advance, before such events occur, for how the utility will respond to incidents, emergencies, and disasters is critical for recovering from them, ransomware included. For more preparedness guidance, Verve Industrial offers some practical lessons for industrial organizations in the face of ransomware. For more, visit Verve Industrial.