Critical infrastructure companies need to fight cyber threats more effectively

The need for increased cybersecurity automation for critical infrastructure is greater than ever.

They say those who learn nothing from history are doomed to repeat it. One year after the Colonial Pipeline cyberattack, it is instructive to consider lessons learned and changes in cybersecurity practices of critical infrastructure organizations.

On May 6, 2021, Colonial, the largest pipeline delivering oil to the southeastern United States, suffered a major cyberattack that led to a six-day shutdown of the pipeline, causing fuel shortages, lines at the pump and a widespread reckoning with the dismal state of US critical infrastructure cybersecurity. The FBI attributed the attack to a Russian hacking group called DarkSide.

In response to the Colonial breach, President Biden signed Executive Order 14028, requiring stricter software security standards for sales to the U.S. government, tightening requirements for detecting cyberattacks, and imposing new requirements to improve information sharing and training. The order also established a cybersecurity review board, and the US Department of Justice convened a cybersecurity task force to increase prosecutions. All of these measures were supposed to greatly improve the cybersecurity posture of US critical infrastructure.

Today, following Russia’s invasion of Ukraine, the US government has issued a “Shields Up” warning, saying operators and critical infrastructure companies must prepare for cyberattacks from Russian actors. Officials warn that Russia is actively attacking critical US infrastructure, including telecommunications base stations, oil pipelines and power grids. If successful, these attacks would cause massive disruption to the US economy.

Yet many critical infrastructure companies still lag behind in their cybersecurity posture. For example, oil and gas companies still have immature cybersecurity programs. Given the prospect of cyberwar, it is imperative that critical infrastructure companies invest properly in improving and modernizing their cybersecurity posture. Unfortunately, it’s not easy. Like all organizations, critical infrastructure companies face an exploding attack surface, a proliferation of ineffective cybersecurity tools that generate large amounts of data with little actionable insight, and an acute shortage of qualified infosec professionals.

It’s time to take a step back and breathe deeply. Here are four ideas that could help critical infrastructure organizations protect themselves against the next Colonial Pipeline.

1. Automate cybersecurity posture

Cybersecurity is no longer a human-scale problem. The attack surface has grown so rapidly that even the most seasoned infosec programs are unaware of all of their vulnerable areas. Critical infrastructure companies should prioritize automating cybersecurity workflows so that security teams with limited resources can keep pace with required risk mitigation tasks. AI-powered automation can tackle routine tasks like discovering, prioritizing, and remediating known vulnerabilities, while human effort can be spent on more complex issues, like implementing adaptive, trustless, passwordless authentication and defending against novel or unconventional attacks.

2. Build a layered approach to security

This is not the “defense in depth” approach of yesteryear. Faced with state actors, critical infrastructure companies can no longer rely on traditional firewalls and endpoint security to solve cybersecurity problems. They should focus on automation and proactive cybersecurity protocols and quickly implement additional layers of security to keep threat actors at bay. For example, they should self-monitor their security tools to validate whether they are correctly deployed and configured. This includes identifying gaps in protection, such as parts of the enterprise software bill of materials that are not adequately protected. As we saw with Colonial Pipeline, failure to deploy these guardrails led to a devastating ransomware attack, resulting in a multi-day shutdown and a $4.4 million ransom payment.

3. Remove or augment legacy tools

Critical infrastructure organizations need to replace their old vulnerability scanning software and invest in modern tools that perform continuous vulnerability assessment and automate mitigation as far as possible. They also need to stop relying on outdated device and network technologies. As we saw in the Colonial Pipeline attack, an outdated VPN left the company vulnerable to nation-state attacks. If they cannot replace their tools for compliance and certification reasons, they should consider augmenting them. Otherwise, the status quo will likely lead to a devastating situation for many people.

4. Follow universal standards and benchmarks

Today, every critical infrastructure company has its own risk management protocols, many of which are outdated. Ensuring the security of critical infrastructure requires universal standards based on transparency, openness and information sharing between industries and countries. Implementing modern security standards, such as the use of automation, will force laggards, such as oil and gas companies, to address vulnerabilities in a way commensurate with the threats they face today.

Recently, the US government took a step in the right direction by signing the Cyber Incident Reporting for Critical Infrastructure Act and increasing funding for CISA. Additionally, the SEC has proposed changes to cybersecurity regulations for all publicly traded companies. The SEC proposal calls for increased cyber incident reporting and periodic updates on past cyber incidents, including details of management and board protocols regarding cyber risk.

Outside of the United States, other countries are rapidly implementing their own regulations. In March, Australia passed the Critical Infrastructure Act Amendment which calls for improved risk management practices in Australia’s critical infrastructure sector, as well as increased transparency of threats that these industries face. The legislation includes additional requirements for enhanced security of Australia’s most important critical infrastructure assets. Australia’s efforts to tighten regulations within critical infrastructure certainly set an example for the world.

Cybersecurity is an ever-changing situation, with new threats, vulnerabilities, and backdoors being exposed almost daily. The cyberattack on Colonial Pipeline was a great lesson for governments and organizations that protecting the cybersecurity of our most critical infrastructure is of the utmost importance to avoid significant economic disruption. To prevent history from repeating itself, it is imperative that critical infrastructure companies improve their protection against modern security risks using modern techniques and automation. Automation is also the only way for them to comply with new cybersecurity regulations.