Industrial Automation & Sensors Blog

Colonial Pipeline Ransomware Attack Highlights Unpreparedness of Critical Infrastructure Operators

by Jared Weiner | 05/14/2021


What Happened?

Colonial Pipeline, which operates the largest fuel pipeline in the country, shut down its operations on Friday following a ransomware attack. The attack, which the FBI has attributed to a Russian criminal group known as DarkSide, targeted the company’s IT systems, and is likely to cause a ripple effect impacting gasoline, diesel, and jet fuel prices throughout the East Coast and potentially beyond. While some smaller segments of the pipeline have already reopened, Colonial has not yet disclosed when it expects its operations to return to full capacity.

VDC’s View

This is the latest of a number of high-profile breaches that have drawn attention to the consequences of inadequately secured critical infrastructure networks. As Colonial’s third-party-led investigation unfolds, one of the key variables will be whether the breach extended beyond the company’s IT systems and into the OT network. If the attackers were able to gain a foothold within the OT systems and devices controlling the pipeline’s operations, the remediation process will be more complex and the recovery timeline lengthier.

Though attacks explicitly targeting OT networks have been relatively rare, the steadily increasing connectivity between OT, IT, and other external networks has led to an increased frequency of such attacks. Stuxnet remains particularly infamous due to the mainstream notoriety it received, and several attacks in the mid-2010s (BlackEnergy, Industroyer, NotPetya, and TRITON/TRISIS, among others) served as cautionary tales for industrial organizations. More recently, the SolarWinds breach made mainstream headlines in late 2020, and was followed several weeks later by an incident at a water treatment facility in Florida in which a hacker attempted to contaminate the local water supply by raising the concentration of sodium hydroxide to extremely dangerous levels.

Collectively, these breaches drive significant business for providers of industrial cybersecurity software and services.

More Insight

Which security strategies represent the best practices in this space? Which regulatory bodies are most influential in developing industry standards? How have IT security vendors adapted their traditional solutions to address industrial cybersecurity? VDC explored these topics and more in our recently published report, The Global Market for Industrial Cybersecurity Software & Services.