Investigators at the largest fuel pipeline in the US are working to recover from a devastating cyber-attack that cut the flow of oil. The hack on Colonial Pipeline is being seen as one of the most significant attacks on critical national infrastructure in history.
How can a pipeline be hacked?
Colonial Pipeline relies on digital technology to control the flow of diesel, petrol, and jet fuel across hundreds of miles of piping. It even has a robot that scurries through its pipes that checks for anomalies. All this technology is connected to a central system, and where there is connectivity, there is risk of cyber-attack.
How did the hackers break in?
Direct attacks on operational technology are rare because these systems are usually better protected. So it’s more likely the hackers gained access to Colonial’s computer system through the administrative side of the business.
Some of the biggest attacks start with an email. An employee can be tricked into downloading some malware or sharing credentials. There have also been recent examples of hackers getting in using security weaknesses or by compromising third-party software.
Hackers could potentially have been inside Colonial’s IT network for weeks or even months before launching their ransomware attack. In the past, criminals have caused mayhem after finding their way into the software programs responsible for operational technology, such as the recent SolarWinds scandal.
How can critical services be protected?
The simplest way to protect operational technology is to keep it offline, with no link to the internet at all. But this is becoming harder for businesses, as they increasingly rely on connected devices to improve efficiency and with remote working becoming commonplace more during the Covid-19 crisis .
It is down to organisations to take responsibility for this by implementing the type of cyber-security that is appropriate and proportionate. If your business systems are attacked, the impact might not appear to be as disruptive as the Colonial Pipeline hack. However, it could be devastating for you, your company and your customers. Aside from the operational disruption, you might find yourself in a compromised legal position due to Data Protection breach.
There are best practices and tools that can protect you from these attacks – particularly the avoidable ones where a simple mistake can allow a hacker into your system. Speak to one of our team and we will ensure you have the right tools to protect your business.
Call us today on: 020 3327 0310
Or email us at: firstname.lastname@example.org
You can also check out our website: https://www.trichromic.co.uk/