No one would have guessed that a typical ransomware attack would create a domino effect that ended in half of the United States going without gas. The Colonial Pipeline Attack was the wake-up call a lot of IT leaders needed; ransomware threats are growing, and they can do serious damage.
Why Was the Attack Successful?
For decades, IT professionals worked from the assumption that only state-backed cybercriminals would be able to hack into US infrastructure. The Colonial Pipeline attack revealed that was not the case. The FBI has confirmed this attack was carried out by DarkSide, a criminal gang established in 2020.
For this attack, the issue wasn’t technology. It was human. The company took the correct architectural approach from an IT security perspective, but the defenses were defeated by a seemingly innocent decision of a single person.
What Happened?
Colonial Pipeline's gas flow monitoring system ran on its own private, air-gapped network. The data they were monitoring was so critical that it wasn't worth the risk to connect it to the internet. From an IT security perspective they did everything right: they followed best practices across people, processes, and technology, yet their defenses were still beaten.
What was the problem, and how could they address it? Their air-gapped network became un-air-gapped when someone connected it to a Roku device to watch CSI Miami. This created an indirect but available pathway for malicious software to get onto their network. In a fleeting moment, the millions of dollars invested in a well-architected security strategy were rendered useless because of a single human error.
Eventually, Colonial was forced to pay about 75 bitcoins (valued at $4.4 million) in order to get the pipeline running again.
How Can Ransomware Attacks Be Prevented?
Colonial was operating on the most secure network model, an air-gapped network. Even though their network security was strong, they still fell prey to a ransomware attack. Let's break down the levels of network security:
The Spectrum of Network Security:
Fair Security – Open Internet
For our day-to-day use of the internet, we can think of everything as connected. Your smartphone can pull data from a server hosted on Amazon thousands of miles away because there is a connection path to get from your phone to their servers and back.
Good Security – Segmented Internet
In a slightly more advanced scenario, you might use a virtual private network (VPN) to access data and software at your company while you work from home. In this case, the network connection or path to the software and data exists for everyone, but only certain people will be let in.
Best Security – Isolated Network
An air-gapped model provides the most network security available. In this scenario, your organization runs on an isolated network. Although this model is the most secure, many industries (like hospitals and banks) can't operate an isolated network because they support many locations that need to stay connected remotely.
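The point the Colonial story makes about the isolated tier is that an air gap is only as good as the inventory of what is plugged into it: one unapproved device quietly bridges the "isolated" segment to the outside. A defender's basic control for that is to periodically compare what is actually seen on the segment against an allowlist of approved devices and alert on anything else. The following is an added example, not code from the original article or from Colonial Pipeline; the ARP snapshot, the MAC addresses and the host names are constructed for illustration.

```python
import re
from typing import Dict, List, Tuple

# Constructed allowlist: MAC addresses approved to exist on the isolated
# monitoring segment, mapped to their asset names (hypothetical values).
APPROVED_DEVICES: Dict[str, str] = {
    "00:1a:2b:3c:4d:01": "flow-monitor-01",
    "00:1a:2b:3c:4d:02": "flow-monitor-02",
    "00:1a:2b:3c:4d:10": "historian-01",
}

# Constructed snapshot in the format of `arp -a` on Linux. The third
# entry is an unknown device; the fourth is an incomplete (unresolved)
# entry that carries no MAC and must be skipped, not flagged.
ARP_SNAPSHOT = """\
? (10.50.0.10) at 00:1A:2B:3C:4D:01 [ether] on eth1
? (10.50.0.11) at 00:1a:2b:3c:4d:02 [ether] on eth1
? (10.50.0.57) at d8:31:34:aa:bb:cc [ether] on eth1
? (10.50.0.99) at <incomplete> on eth1
? (10.50.0.20) at 00:1a:2b:3c:4d:10 [ether] on eth1
"""

# Matches an IPv4 address in parentheses followed by a resolved MAC.
_ARP_LINE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\) at ([0-9A-Fa-f:]{17})")


def parse_arp(text: str) -> List[Tuple[str, str]]:
    """Return (ip, mac) pairs from arp -a output; MACs are lower-cased so
    that case differences between tools never hide a match."""
    entries: List[Tuple[str, str]] = []
    for line in text.splitlines():
        m = _ARP_LINE.search(line)
        if m is None:
            continue  # blank line, header, or <incomplete> entry
        ip, mac = m.group(1), m.group(2).lower()
        entries.append((ip, mac))
    return entries


def find_unapproved(entries: List[Tuple[str, str]],
                    approved: Dict[str, str]) -> List[Tuple[str, str]]:
    """Every observed device whose MAC is not on the allowlist. On an
    air-gapped segment the expected result is an empty list; anything
    else is a device that should not be there."""
    allow = {mac.lower() for mac in approved}
    return [(ip, mac) for ip, mac in entries if mac not in allow]


def audit(text: str, approved: Dict[str, str]) -> List[str]:
    """Human-readable alert lines, one per unapproved device."""
    return [f"ALERT unapproved device {mac} at {ip} on isolated segment"
            for ip, mac in find_unapproved(parse_arp(text), approved)]


if __name__ == "__main__":
    for alert in audit(ARP_SNAPSHOT, APPROVED_DEVICES):
        print(alert)
```

In practice the snapshot would come from a switch's MAC table or a scheduled `arp -a` on a monitoring host inside the segment, and the allowlist from the asset inventory; the comparison logic stays the same. The check does not stop a device from being plugged in, but it turns a silent bridging of the network into an alert the operations team can act on the same day.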
Go Beyond the Basics
As we’ve progressed through the internet age, we have all been taught the basic security hygiene we must practice. Don’t write passwords down on sticky notes. Don’t use the same password at multiple sites. Don’t click links in emails when you don’t know where they originated.
These lessons have been taught to us through examples just like the Colonial Pipeline. Unfortunately, it often takes dozens of similar events before business leaders make educating the organization a priority.
As we continue to see the rise of cybersecurity threats, defensive technology will keep pace with the attack vectors of malicious actors. It is up to organizations to do two critical things:
- Keep up with the latest cybersecurity technology.
- Educate employees on the risks and pass on more IT security responsibilities to them.