Cybersecurity in industrial automation needs to be vigilant, responsive, and proactive. The recent Colonial Pipeline attack has highlighted for industry leaders the need for improved security, enhanced authentication measures, and back-office monitoring. In this article, we’ll explore the lessons to be learned from the incident, and how the team at ICA Engineering can assist you in protecting your factory or plant from an attack and the damaging aftermath.
The Colonial Pipeline Attack
Colonial Pipeline Co., the provider of approximately 45% of East Coast fuel, released a statement on Saturday, May 8, 2021, that it had been the victim of a cyberattack on May 7. The attack was conducted by a criminal extortion ring and resulted in a ransom payment of $4.4 million.
According to an article in The New York Times, the goal was to “hold corporate data for ransom.” The attack caused the company to take measures to verify that no financial or administrative functions had been compromised or infected by the malware. These measures included halting the gasoline, diesel, and jet fuel that was scheduled to be distributed along the East Coast.
Operations were restarted on Wednesday, May 12, but not before the shutdown had significant effects on the industry. These effects included, according to The New York Times, “long lines of nervous motorists at gas stations.” The pipeline had never been shut down before this event, so it led to some unpredictable results and concerns about inflation, price gouging, and other industry-wide ramifications.
Lessons Learned By Automation Leaders
The attack wasn’t hugely successful or coordinated with much precision, but even an inept attack was able to create a situation that resulted in a shutdown. This outcome illustrates the importance of cybersecurity. Here are some lessons to consider as a manager, engineer, or expert in industrial automation.
Back-Office Issues Directly Impact Industrial Systems
The ransomware targeted back-office systems. No component of the infection delayed production or removed control of operational systems, but the resulting crisis of compromised data achieved a similar effect.
These systems hold customer data, financial statements, and other information that isn’t part of the primary facility operations. Industry leaders need to realize that these systems need just as much security and monitoring as operational systems. Insecure data puts your automation plant or factory at risk of ransomware or another cyberattack that could cripple operations.
Security Is More Important Than Ever With Industry 4.0
The Industrial Internet of Things and Industry 4.0 offer increasing connectivity and increasing risks of cyber warfare. Find ways to maintain robust security as you continue to integrate controls and automate industrial processes. Industry 4.0 promises enhanced control and productivity, but it can’t be at the expense of cybersecurity. Here are some common mistakes made as industry leaders move forward with integrated systems:
- Failure to sign firmware
- No mutual authentication and hardcoded credentials
- Little or no encryption and authentication
Work with a team of technical specialists capable of performing a risk assessment and identifying any security gaps in your plant. As you integrate systems, you need to monitor authentication procedures and ensure your cybersecurity is up to date.
Monitoring Is Needed To Protect Industrial Control Systems
One reason some facilities are at risk is a lack of monitoring. If your operational technology lacks monitoring, you may not realize a cyberattack has occurred until after the event. Consider host- and network-based logging and critical asset monitoring for real-time information about the security of your operational systems.
Consolidate the security status of all your systems into a protected, centralized database. Create backups and limit access to this database to maintain secure operations. Explore ways to segment, patch, and harden configurations as you prepare for Internet of Things security.
Even Amateur Cyberattacks Must Be Treated Seriously
Ransomware poses a far greater infrastructure security threat than the demanded payment. In the case of the Colonial Pipeline attack, the resulting damage was far greater than the demanded ransom. The secondary harm, a lack of stakeholder and consumer confidence and concerns about IT and operational technology (OT) security, is just as serious and can be, over time, just as costly.
Treat any attempted cyberattack seriously. Even poorly executed or amateur attacks can have unforeseen consequences. Typical cybersecurity simulations often don’t properly highlight the seriousness of a ransomware threat. Future simulations and security measures must take even amateur attempts into account.
Disaster Recovery Plans Can Reduce Panic
In the event of a serious attack, your facility needs a disaster recovery plan. One factor in the crisis surrounding the Colonial Pipeline attack was the unexpected shutdown. A well-defined procedure can allow your facility to navigate a shutdown in an orderly, secure way to limit panic or other unexpected results of a cyberattack.
Once you have a plan in place, rapid responses are crucial. Secure critical areas of your operations and monitor for signs of an attempted attack across IT and OT endpoints. An integrated detection and response protocol can quickly halt the spread of malware and prevent an attempted attack from becoming a serious event.
Review Your Industrial Automation Security Today
Your industrial automation facility needs to prepare for unexpected cyberattacks. Work with a systems integrator to identify any security needs in your operations and data management. Contact us at ICA Engineering to learn how a leading systems integration team can help shore up your defenses to prevent ransomware and other cyber threats.
Image Credits: By Ben Lefebvre and Eric Geller from Politico.com