What happens when America’s most important fuel pipeline stops functioning? This is not a thought experiment. It happened, just last week. The incident was hard to miss: the shutdown of the pipeline led to panic buying and widespread gas station outages in the Southeast, and prompted oil industry executives to warn that hoarding was worsening the supply crunch.
So what exactly happened? Let’s dive in. Colonial’s roughly 8,850 km pipeline, through which fuel moves at about 8 km/h, was hit by ransomware attributed to the DarkSide group, which demanded a ransom of around $5M. Notably, the malware was reported on Colonial’s corporate IT network; the company halted pipeline operations itself as a precaution, to keep the infection from spreading to the operational systems that run the pipeline. We know that some amount of the ransom was paid, but the exact figure remains undisclosed. More than the ransom, what we find striking is that the attack succeeded even though Colonial had increased its spending on IT and IT security by more than 50% since 2017: spend is not the same as coverage, and a single unprotected path into the network is enough.
The significance of this attack goes far beyond the ransom. Colonial Pipeline is an industry behemoth, transporting about 45% of the fuel consumed on the East Coast of the USA through its extensive network. That makes an attack on it potentially one of the costliest attacks on an economy, because of the second-order effects: fuel shortages, hoarding, and price hikes.
While we can only theorize about the motives, the attack sets a new bar for the audacity of cyber crime: a criminal group caused a disruption on a scale that had previously been associated with state intelligence and military actors, and that even they had rarely inflicted on the United States. It is one of the most disruptive attacks on American infrastructure in recent memory, and an alarming demonstration of how large the global threat of cyber attacks has become. The impact of such attacks is amplified when critical industries like oil and gas are targeted.
The oil and gas sector is no stranger to cyber attacks. With increasing digitization and the push for sustainability, the industry’s technology ecosystem has become more complex, and with it more exposed. In 2012 the world’s biggest oil and gas company, Saudi Aramco, was hit by the Shamoon wiper, which erased data from some 35,000 computers; a similar attack was reported shortly after at RasGas, the Qatar-based LNG producer.
Ransomware – A cyber epidemic
Lest you presume that ransomware attacks of the kind that hit Colonial are rare: industrial victims in recent years include Maersk (NotPetya, 2017), Honda (2020), and Johannesburg’s electricity utility City Power (2019), and attackers have not spared hospitals, law enforcement systems, or municipal services either. The trend of ransomware targeting critical infrastructure is a disturbing one, and it is expected to grow as the vulnerabilities of digital systems continue to be exposed.
Cybercriminals attack critical infrastructure and utilities predominantly for profit, and the cost to the victim is large even when no ransom is paid: the 2019 ransomware attack on the city of Baltimore was estimated to cost about $18.2 million in recovery and lost revenue. Most companies in the sector now recognize the importance of identifying and mitigating cyber risk, but much remains to be improved in both IT and OT security controls. Utilities typically operate geographically dispersed networks, which makes it hard to apply consistent controls across IT and OT systems and the interconnections between them. That translates into a high cost of monitoring and security infrastructure, a challenging proposition for organizations trying to achieve that risk mitigation.
The legacy conundrum of OT systems
Many OT environments still run on legacy platforms that only a handful of vendors (OEMs) can service. Security on these platforms is often weak, because little has been invested in security-focused equipment and software, and because patches typically need OEM validation and a maintenance window before they can be applied to a running process. When an OT system is breached, the turnaround time is usually long because of the dependency on OEM-specific processes and configurations. Upgrades are expensive too: a full OT system upgrade for a large utility can run to more than $100 million.
From artificial intelligence to threat intelligence
An integrated approach spanning IT and OT makes it possible to identify security gaps and mitigate vulnerabilities in time. Whether during scheduled maintenance or an ad hoc trouble ticket, aligned decision-making between the two sides mitigates threats more effectively. Responding to, and coordinating around, unusual activity in a digital ecosystem requires a robust decision intelligence framework.
Anomaly detection is increasingly being applied to critical datasets across industries, including for the mitigation of security breaches. Eugenie’s industry-recognized, rapidly deployable AI-based solutions can speedily perform root cause analysis and raise timely alerts in the event of cyber threats. Our technology improved the cyber-security of a smart water distribution network – when the municipality tested us, our accuracy in real-time detection and mitigation of attacks was 10% higher than the best solution they had come across until that time.
Explainable AI to speed up data-to-decision
To mitigate a cyber threat effectively, timely detection followed by a controlled, pre-planned response is critical, whether that response is isolating the affected segment or, as in Colonial’s case, halting operations. Malware that no signature has seen before is a classic case of “unknown unknowns”, which is where anomaly detection, rather than signature matching, is needed, and that requires capable machine learning models. Models integrated with Industry 4.0 platforms can flag unusual activity, and the diagnostic insight that follows (which signal deviated, on which asset, starting when) is what lets utilities and similar exposed networks act on the alert. Eugenie’s solutions can be deployed on-premise and at the edge for highly sensitive datasets. OT and IT units can keep separate firewalls at the edge, but we recommend a coordinated firewall policy so that the data the detection needs crosses the IT/OT boundary through explicitly allowed paths rather than ad hoc exceptions.
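As an added illustration (this is not code from Eugenie or from this post), here is a minimal version of the detect-then-diagnose loop the previous two sections describe: a per-feature baseline learned over a sliding window of normal IT/OT telemetry, a combined deviation score that raises an alert, and an attribution step that names the signals driving the alert so an operator knows where to look. The feature names, the constructed sample data, the sigma floor and the threshold are all illustrative assumptions.

```python
# Added example (not Eugenie's code): windowed per-feature baseline anomaly
# detection over constructed OT/IT telemetry, with feature attribution so an
# alert names the signal that drove it. Feature names, sample values, the
# sigma floor and the threshold are illustrative assumptions.
import math
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Optional, Tuple

# One record per minute from a hypothetical pump station (constructed data):
#   modbus_writes    - write commands observed on the OT segment
#   setpoint_changes - HMI/engineering setpoint edits
#   it_to_ot_flows   - new TCP sessions crossing the IT/OT boundary
#   flow_rate        - pump flow, arbitrary units
FEATURES = ("modbus_writes", "setpoint_changes", "it_to_ot_flows", "flow_rate")
Record = Dict[str, float]


def make_sample(normal_minutes: int = 70) -> List[Record]:
    """Constructed telemetry: quiet operation, then one injected incident."""
    normal = [{
        "modbus_writes": 10 + (i % 3),
        "setpoint_changes": 1 if i % 15 == 0 else 0,   # a scheduled change every 15 min
        "it_to_ot_flows": 2 + (i % 2),
        "flow_rate": 100 + (i % 5),
    } for i in range(normal_minutes)]
    # Injected incident: a burst of writes and new IT->OT sessions while the
    # physical process still looks normal, the kind of precursor a
    # process-only view would miss.
    incident = {"modbus_writes": 180, "setpoint_changes": 6,
                "it_to_ot_flows": 25, "flow_rate": 102}
    return normal + [incident]


@dataclass
class Baseline:
    mu: Dict[str, float]
    sigma: Dict[str, float]


def fit(records: List[Record], min_sigma: float = 1.0) -> Baseline:
    """Per-feature mean and standard deviation over a window of normal traffic.
    min_sigma floors the spread so a single legitimate event on a near-constant
    counter (one scheduled setpoint change) does not read as a huge deviation."""
    return Baseline(
        mu={f: mean(r[f] for r in records) for f in FEATURES},
        sigma={f: max(pstdev([r[f] for r in records]), min_sigma) for f in FEATURES},
    )


@dataclass
class Alert:
    score: float                            # Euclidean norm of the per-feature z-scores
    top_features: List[Tuple[str, float]]   # signals that drove the alert, with their z-scores


def score(baseline: Baseline, record: Record, threshold: float = 4.0) -> Optional[Alert]:
    """Return an Alert if the record deviates from the baseline beyond threshold."""
    z = {f: (record[f] - baseline.mu[f]) / baseline.sigma[f] for f in FEATURES}
    combined = math.sqrt(sum(v * v for v in z.values()))
    if combined < threshold:
        return None
    ranked = sorted(z.items(), key=lambda kv: abs(kv[1]), reverse=True)
    return Alert(score=round(combined, 2), top_features=ranked[:2])


def detect(records: List[Record], window: int = 60,
           threshold: float = 4.0) -> List[Tuple[int, Alert]]:
    """Slide a baseline window over the stream and score each later record.
    Alerted records are not fed back into the baseline, so an ongoing incident
    does not quietly become the new normal."""
    alerts: List[Tuple[int, Alert]] = []
    clean = list(records[:window])          # seed the baseline with the first window
    for i in range(window, len(records)):
        alert = score(fit(clean[-window:]), records[i], threshold)
        if alert is None:
            clean.append(records[i])
        else:
            alerts.append((i, alert))
    return alerts


if __name__ == "__main__":
    for idx, alert in detect(make_sample()):
        print(f"minute {idx}: score={alert.score}, driven by {alert.top_features}")
```

On the constructed sample the ten quiet minutes after the warm-up window produce no alert, and the injected minute is flagged with `modbus_writes` and `it_to_ot_flows` as the top contributors while `flow_rate` sits at zero deviation; that attribution is the "diagnostic insight" an operator needs to decide between isolating the OT segment and halting the process. Two design points matter in practice: the sigma floor, without which a rare but legitimate event on a near-constant counter trips the detector, and keeping alerted records out of the baseline, without which a slow-moving intrusion trains the detector to accept it.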
Identifying security gaps for bolstering utility networks
Utility organizations must strive to implement an integrated solution that addresses the vast organizational, geographical, and technical gaps. The proliferation of today’s cyber threats requires rapid detection, reaction, and action. Democratizing the data-to-decision journey across organizational units is essential for building cyber-resilient systems. Eugenie’s collaborative human-AI ecosystem is tailor-made to extend decision authority across IT/OT architectures and networks. An end-to-end platform that enables two-way communication during an attack needs to act as the protective eyes and ears of the organization. Eugenie’s Responsible AI platform helps create security linchpins in the form of diagnostic frameworks that empower operators.
Creating an integrated and inclusive security approach in utilities requires holistic and realistic maturity assessments. Capability benchmarking and continuous improvement of the security infrastructure lead to incremental change. Mapping key business functions to the security value chain through AI-enabled ecosystems is urgently needed to protect key organizational information and assets effectively.
Get a glimpse of Eugenie’s robust solution for protecting your organization against emerging cyber threats.
We endeavor to make these blogs relevant and informative to you, and we welcome your feedback. If these blogs inspire you to join us in solving the challenges described here, check out our opportunities to connect with us. To learn more about how Eugenie can secure your critical distributed infrastructure, talk to us today or reach out to us at firstname.lastname@example.org.