Colonial Pipeline Incident: NP Statement
The cyberattack against Colonial Pipeline that was discovered on May 7 underscores the growing impact of cyberthreats on industrial sectors. While the investigation is ongoing and important lessons from this attack will be extracted in the coming weeks, the fact that Colonial Pipeline had to proactively take their OT systems offline after learning about which IT systems were impacted by the ransomware is significant. This decision has halted all pipeline operations, making this attack the most disruptive incident against US energy infrastructure to date.
Our dependency on connected cyber systems keeps increasing and it is vital to gain and maintain accurate visibility on which communications are allowed between our IT and OT systems. Incident response teams need this visibility immediately when an attack is discovered in order to make informed decisions. Without clear situational awareness, organizations are often unable to fully understand the impact of cyberattacks on their infrastructure and may be forced to take action with significant operational and financial impact.
We recommend every organization with industrial systems to start a network architecture review today in order to understand which communication paths are allowed into their critical assets. We also recommend incident response teams to leverage this current event to conduct a tabletop exercise by evaluating the impact of an IT-targeted ransomware on their OT environment. The network architecture review and the scenario assessment will have a major impact on enabling your organization to become cyber resilient. The team at Network Perception will continue to monitor this incident and to keep you informed. Please contact us if you have questions or need support, we are here to help. It is critical to update and exercise your incident response plans immediately.