Ransomware is evolving. How long until it takes down operational technology?
In May 2021, Colonial Pipeline, one of the largest fuel pipelines in the United States, faced a ransomware attack. The company, which transports more than 100 million gallons of gasoline and other fuel daily from Houston to the New York Harbor, shut down work for several days. It also showed how open our energy infrastructure is to cyber attacks. More and more, we rely on tech to run critical systems and operations. So, protecting systems and networks is more crucial than ever. See how attacks in these sectors are growing and what organizations can do to bolster their protections against bad actors. Check out our top news from the world of energy and utility security so far in 2021.
Top Energy & Utility Insights
7-Minute Read 🕒
Shedding Light on the DarkSide Ransomware Attack
As ransomware evolves, there’s growing concern about the potential for it to spread to operational zones and upstream to the overall supply chain. After all, that could cause widespread damage. In fact, IBM Security X-Force data found that ransomware attacks were the most common threat to organizations that use operational technology (OT) in 2020. Why? Threat actors may find these to be attractive for ransomware attacks. After all, they face costly downtime and can impact a wider ecosystem and individual consumers. Look at the growing threat of groups like DarkSide, the gang allegedly behind the Colonial Pipeline attack. See how a zero trust approach paired with other tactics can help energy and utility groups reduce their ransomware risk.
3-Minute Read 🕒
Poison in the Water: The Physical Repercussions of IoT Security Threats
When the water treatment plant in Oldsmar, Florida was breached earlier this year, a frightening potential problem suddenly came true: an Internet of things (IoT) incident had moved into the physical world. The attacker changed the amount of sodium hydroxide in the public water supply from 100 parts per million to 11,000 — what could be a dangerous level of lye. If consumed, the water could have caused loss of vision, pain and shock, among other symptoms. Luckily, the attack was stopped and the public wasn’t harmed. But it brought to light once again that the rise of IoT devices comes with risks. Read this article to find out ways you can help protect your organization against cyber-physical attacks.
3-Minute Read 🕒
A New Directive for Pipeline Operators Puts Cybersecurity in the Spotlight
Cyberattacks against critical infrastructure are increasing. In response to the disruptive and destructive nature of these attacks, the U.S. federal government released a new DHS/TSA Security Directive, “Security Directive Pipeline-2021-01, Enhancing Pipeline Cybersecurity,” and warned critical infrastructure companies to step up their defenses. Find out more about the directive’s broad set of requirements for owners and operators and its three critical actions.
5-Minute Read 🕒
It’s an Operational Technology World, and Attackers Are Living in It
The IBM Think 2021 virtual conference in May featured a panel by Tenable Vice President of Operational Technology Security Marty Edwards and X-Force Red Hacking Chief Technology Officer Steve Ocepek. Before they delivered their address, Edwards and Ocepek sat down for an interview. They covered the threat landscape of OT, the various attack paths against OT, vulnerabilities that are enabling attackers to succeed and how to reduce the risk of an OT compromise. Read this article to find out what they had to say.
7-Minute Read 🕒
Threat Actors’ Most Targeted Industries in 2020: Finance, Manufacturing and Energy
IBM Security’s annual X-Force Threat Intelligence Index gathers insights about the topmost targeted industries every year. This year’s index showed energy was one of three industries at the top of a list of targeted sectors. Roughly 35% of attacks on the energy industry were attempted data theft and leaks. With 11.1% of attacks on the top 10 industries in 2020, energy ranked as the third most attacked industry, up from ninth place the year prior. Server access attacks on the energy sector hit hard in 2020, too. The industry came in fourth place after health care for the highest number of such attacks. Read the article to find out more.
More on the Status of Energy & Utility IT Security
In September, Vanguard reported that the office of the National Security Adviser will commence a three-month Cyber Security Sensitization outreach across seven at-risk sectors of the nation’s economy, including the energy sector.
Also in September, The Guardian reported that a quarter of cyber incidents reported to Australian security officials over the past year have targeted critical infrastructure and essential services, including health care, food distribution and energy.
Finally, IT for All published a report on the pros and cons of IoT for energy and utilities.
Justine Brown is a contributor for SecurityIntelligence.