The Colonial Pipeline Co. was recently in the news due to a cyber attack. This incident brought cybersecurity and the entire pipeline industry into the spotlight. Every business and organization absolutely needs a cybersecurity strategy, and it’s especially important for major networks like pipelines and utilities.
What Happened in The Colonial Pipeline Co. Attack?
The Colonial Pipeline Co. provides about 45% of the fuel delivered to the East Coast, and on May 7th, Colonial Pipeline announced that they had been the victim of a cyber attack, causing them to temporarily cease all pipeline operations. As a result of the supply outage, some states saw substantial gas shortages and hoarding of fuel by consumers.
Hackers took control of Colonial’s operations, threatening to lock computer records unless the company paid a ransom. The CEO made the decision to pay the $4.4 million ransom (or 75 bitcoin) as they were unsure how badly the company had been affected or how long it would take to bring the pipeline back if they didn’t. The hackers returned with a decryption tool that helped restore some but not all of the systems. The FBI does not recommend paying cyber attackers as it only fuels more attacks, but many organizations feel that compliance is the only way to avoid further disruptions and profit losses.
The attack has since been linked to the DarkSide: a criminal gang from Eastern Europe. The breach may have been helped along by the coronavirus, which required some engineers to access control systems from home.
Cybersecurity Requirements and The Pipeline Industry
Unlike electric grids, there are no mandatory cybersecurity rules for pipeline companies. The Transportation Security Administration (TSA) is in charge of the cyberdefenses of 2.7 million miles of pipeline networks within the United States. Although the TSA recommends that companies alert the office of any cyber attacks as soon as possible, it is not required.
Consequently, lawmakers are working to introduce legislation that will help provide extra defense to pipelines. The Pipeline Security Act would make security the responsibility of both the TSA and the Cybersecurity and Infrastructure Security Agency (CISA), while additionally requiring the TSA to update pipeline security guidelines, create personnel strategies, and conduct risk assessments.
The Department of Homeland Security also made it a requirement to report any confirmed and potential cybersecurity problems to the CISA and to establish a Cybersecurity Coordinator who is available 24/7. The TSA may soon introduce mandatory measures as well.
How the Pipeline Industry Can Improve Cybersecurity
There are steps pipeline companies can take in an effort to protect their own operations and business: this is critical as these organizations use more technology like automation and remote access. Breaches can put pipeline companies at risk of similar ransom scenarios, and more nefarious hackers could cause havoc in automated operations that result in explosions, sabotage, theft of IP, or equipment damage.
Some preventative steps include:
- Conducting risk assessments.
- Keeping software, systems, and equipment updated.
- Working with the CISA for a Validated Architecture Design Review (VADR).
- Educating employees on cybersecurity practices.
- Updating strategies and security protocols for remote work and remote access.
- Reviewing cybersecurity protocols and practices regularly.
- Taking advantage of the assessments, services, and tools in the Pipeline Cybersecurity Resources Library from CISA.
How Shea Writing & Training Solutions Can Help
To ensure your cybersecurity meets current demands and contends with evolving threats, it’s essential to have policies, guidelines, and plan processes in writing. This will help ensure you’re meeting the latest requirements from various government agencies while also keeping your team informed on threat prevention protocols and prepared to respond if pipeline operations are breached.
Your pipeline cybersecurity policies should outline the rules regarding cybersecurity and behaviors all your employees must follow. Clear guidelines will take this a step further by recommending practices and behaviors that protect the company and operations. Detailed processes help your team perform appropriate updates, enact cybersecurity protocols, and detect threats or active breaches.
Working with a technical writing team that understands your industry and the importance of clarity in cybersecurity documentation helps ensure your pipeline organization has the tools needed for both prevention and reaction, reducing risk to your team. We are dedicated to helping organizations like yours craft technical information and easy-to-understand content that is focused on safety and efficiency.
Attacks on companies like the Colonial Pipeline Co. are nothing new, and it is not the last time an organization like a pipeline will be the target of a cyberattack. It’s essential to have strategies in place now, not after, to help protect your business, operations, and employees from being the victim of a similar attack.