WORLD NEWS Colonial Pipeline hack prompts new US cyber security bill In an Executive Order published on 12 May 2021, entitled: ‘Improving the Nation’s Cybersecurity’, US President Joseph Biden declared an intention to “make bold changes and significant investment” in protecting against cyberattacks. The Executive Order includes nine areas of change: policy; removing barriers to sharing threat information; modernising federal government cybersecurity; enhancing software supply chain security; establishing a cyber safety review board; standardising the federal government’s playbook for responding to cybersecurity vulnerabilities and incidents; improving detection of cybersecurity vulnerabilities and incidents on federal government networks; improving the federal government’s investigative and remediation capabilities; and national security systems. The Order states that “the prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security.” As noted in the administration’s accompanying Fact Sheet, the Executive Order is a direct response to recent high-profile cybersecurity incidents. The executive action follows the Colonial Pipeline ransomware attack, in which the oil pipeline system was targeted by a criminal cybergroup encrypting its system and demanding a ransom. Although the attack was aimed at business technology, it caused Colonial Pipeline to shut down operations on a major pipeline serving the Northeast, leading to gas shortages and panic buying.
US government prepares to boost pipeline cyber protections The Biden administration is reportedly working with pipeline companies to strengthen protections against cyberattacks following the Colonial Pipeline hack. The Transportation Security Administration (TSA), a unit of the Department of Homeland Security (DHS), “is co-ordinating with companies in the pipeline sector to ensure they are taking all necessary steps to increase their resilience to cyber threats and secure their systems,” reports Reuters. The TSA is also reported to be collaborating with another branch of DHS, the Cybersecurity and Infrastructure Security Agency. DHS said it will release more details “in the days ahead,” without providing particulars. Representative Bennie Thompson, Chair of the Homeland Security Committee in the House of Representatives, called the move “a major step in the right direction towards ensuring that pipeline operators are taking cybersecurity seriously and reporting any incidents immediately.”
GlobalData: Colonial attack will concentrate government and operators’ minds on ransomware threat Following the disclosure of the cyberattack on the Colonial Pipeline, David Bicknell, Principal Analyst, Thematic Research at GlobalData, a leading data and analytics company, offers his view: “The economic impact wrought by this cyberattack will bring home to government and energy operators the vulnerabilities in critical infrastructure. “This is not the first ransomware cyberattack on an oil and gas utility – and it won’t be the last – but it is the most serious. It is also potentially one of the most successful cyberattacks against US critical national infrastructure. “Although cyberattacks have typically targeted corporate IT systems, the risk of those jumping across to operational technology (OT) systems has become much more prevalent. “The security industry must find a way to help organisations especially utilities - develop both defensive measures to prevent these attacks and the requisite best practice for responding to them.”
ISACA survey: IT security experts share insights In the aftermath of the Colonial Pipeline attack, global IT association and learning community ISACA polled more than 1200 members in the US and found that 84% of respondents believe ransomware attacks will become more prevalent in the second half of 2021. The Colonial Pipeline attack resurfaced preparedness for ransomware attacks as a front-burner topic for enterprises around the world. Colonial reportedly authorised a ransom payment of US$4.4 million. In the ISACA survey, four out of five survey respondents say they do not think their organisation would pay the ransom if a ransomware attack hit their organisation. Only 22% say a critical infrastructure organisation should pay the ransom if attacked. “In a vacuum, the guidance not to pay makes total sense. We don’t want to negotiate with criminals,” said Dustin Brewer, Senior Director of emerging technology and innovation at ISACA. “But when you need to get your business back online, a cost/benefit analysis is going to come into play, and a company is going to do what it needs to do to have continuity. Good cyber-hygiene has to be a focus to avoid getting to this point.” Among the survey’s other findings: ) 85% of respondents say they think their organisation is at least somewhat prepared for a ransomware attack, but just 32% say their organisation is highly prepared. ) Four in five respondents say their organisation is more prepared
for ransomware incidents now than four years ago, when the WannaCry, Petya and NotPetya attacks inflicted major damage. And two-thirds of respondents expect their organisation to take new precautions in the aftermath of the Colonial Pipeline incident. ) Nearly half of respondents (46%) consider ransomware to be the
cyberthreat most likely to impact their organisation in the next 12 months.
JUNE 2021 / World Pipelines
5
