Ransomware Crisis: 11 Actions to Secure Critical Infrastructure

Why Securing our Critical Infrastructure Matters

Operational Technology (OT) remains a key, but vulnerable, technology for organizations with critical infrastructure. The U.S. Government has defined critical infrastructure as those “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”

OT systems are crucial components in producing and delivering many of the resources that we rely on daily, such as clean water, fuel, and electricity. Other Industrial Control Systems (ICS) are fundamental to necessary services such as traffic light systems, automotive plants, and waste management facilities. Despite the societal importance and reliability of these systems, OT infrastructure remains insecure and vulnerable to cyberattacks that can cause physical harm to the public or interrupt the delivery of critical services.

Organizations operating critical infrastructure can mitigate the impact of security incidents and increase the resiliency of their OT infrastructure by practicing some key components of basic cybersecurity hygiene.

The Colonial Pipeline Ransomware Attack

Colonial Pipeline is a fuel pipeline company located just north of Atlanta, Georgia, responsible for providing approximately 45 percent of the gasoline supply to the East Coast of the United States.

On May 9, 2021, Colonial Pipeline released a statement acknowledging that it was a victim of data theft and ransomware attacks affecting its IT environment. Multiple news outlets reported that on May 7, the hacker group known as “Darkside” infiltrated the Colonial Pipeline network and stole over 100 gigabytes of proprietary data.

Upon confirming the May 7 incident was a ransomware attack, Colonial Pipeline immediately shut down a portion of its systems and remained offline until May 12, both to contain the attack and to protect the safety and security of its pipelines and the safety of the general public. Colonial Pipeline has engaged law enforcement…