Cybersecurity in industrial environments has always been a concern, but the current cyberthreat landscape is making it a priority. On May 7, Colonial Pipeline, the operator of the largest fuel pipeline supplying the eastern United States, fell victim to a ransomware attack. The attack led the company to freeze its IT systems and shut down all pipeline operations for several days as a protective measure, which is leading to major shortages of gas, diesel and jet fuel throughout the eastern United States. The Colonial Pipeline ransomware attack has exposed how the industrial sector is at high risk for devastating cyberattacks.
Why is the industrial sector at such high risk of destructive cyberattacks?
For decades, our economies and daily lives have depended on operational technology (OT), such as industrial control systems (ICS) or supervisory control and data acquisition systems (SCADA), for basic necessities like bringing water, power and gas into our homes; transporting gasoline needed for vehicles; running public transit; and manufacturing consumer products like food, medicine and beverages.
OT was not designed for our digital world, and therefore, much of our critical infrastructure runs on legacy systems that are more susceptible to cyberattacks. Many of these systems don’t have the protective features and capabilities that we’ve come to expect from modern systems (e.g., antivirus, security patches, passwords). Historically, operational limitations kept such protections from being used. However, the need for real-time information when making business decisions and optimizing performance has required these systems to be connected to our business networks and the internet.
Cyberattacks on these systems now have the ability to affect the safety of workers and the public. As a result, our critical infrastructure must not only secure these systems against attacks, but also design operational resilience for continued operations in the event of a successful cyberattack.
What is the potential fallout of a cyberattack affecting OT?
Considering the impact these OT/ICS/SCADA systems have on our daily lives, including many critical infrastructure processes, the availability of these systems, and any other applications they rely on, is critical. As with the Colonial Pipeline ransomware attack, security breaches in the IT environment can create a chain reaction that is harmful to our economy, infrastructure and daily lives.
Here are some possible consequences when OT/ICS/SCADA systems are impacted by a cyberattack:
- Loss of utilities – No water, energy or gas for homes, hospitals and military bases
- Loss of communications – No cellphones or landlines, no first-responder communications
- Transportation disruptions – Insufficient fuel to supply cars, buses and planes; delays or loss of automation-dependent public transit (e.g., subway, light rail)
- Public safety concerns – Explosions, contamination of air and water, civil unrest resulting from prolonged loss of utilities
- Scarcity of consumer products – Cleaning supplies, food, medicines, beverages, etc.
Has the industrial sector ever experienced an attack like this before?
Actually, many times. In fact, the online database RISI, which tracked security incidents affecting OT/ICS/SCADA systems, identified more than 150 such events by January 2015. Some notable recent attacks include the following:
- In March 2021, Molson Coors suffered a ransomware attack that affected its business and brewery operations, leading to supply chain disruptions and shortages of its products on some store shelves.
- In June 2020, Honda suffered a ransomware attack that led it to shut down factories in Japan, Europe and the United States and disrupted customer service and financial services.
- In February 2020, an energy company shut down a portion of its pipeline for two days after ransomware hit a natural gas compression facility.
So while details of the Colonial Pipeline attack are still emerging, this is not the first time that a cyberattack has disrupted operations. It’s just the most recently publicized and impactful one to affect the United States.
Safeguarding against cybersecurity incidents affecting operations
Although it’s too early to tell how the Colonial Pipeline event could have been prevented, many of the existing recommendations for the security of OT/ICS/SCADA environments and protections against ransomware continue to ring true. The joint guidance released by the Cybersecurity and Infrastructure Security Agency (CISA) and FBI following this incident reaffirms such recommendations.
Not all companies need highly complex security programs, but any industrial environment should have an industrial control security program in place. When developing these programs, companies should consider basic elements to protect their systems, detect possible attacks, and respond and recover from an incident. Examples of basic cyber hygiene that CISA has recommended as countermeasures include the following:
Reduce the risk of compromise by using or implementing strong security measures like:
- Multifactor authentication (e.g., one-time PIN, hardware token) for remote access to IT and OT networks
- Asset mapping to identify the systems critical to operational processes and ensure those systems are properly secured
- Continuous security assessments to evaluate the access an attacker could gain and the impact an attacker could have on the network
- Spam filtering to prevent phishing emails with malicious files and links from getting to users
- Security training and phishing testing to support user awareness
- System security updates to avoid compromise through known vulnerabilities
- System hardening to disable unnecessary applications and services that attackers commonly use
Reduce the impact of an attack by:
- Implementing network segmentation between IT and OT environments to prevent attacker access to OT systems, and to allow continued OT operations in case of IT environment compromise
- Identifying system dependencies and testing manual workarounds to build resilience against technology-induced outages
- Implementing monitoring and detection mechanisms to be alerted instantly to malicious activity
- Backing up critical systems and data regularly, testing the backups, and keeping offline and offsite copies
How can RSM help?
RSM has a dedicated team of cybersecurity professionals specialized in OT/ICS/SCADA environments. Our practice leaders have experience in securing companies in the oil and gas, power and utilities, manufacturing, chemical/petrochemical, mining, and communications industries, among others.
We have helped our clients by assessing their current state, designing right-sized OT/ICS/SCADA security programs and architectures with an implementation roadmap, and implementing these programs and architectures with the technical, strategic and governance-related components.
For companies wondering whether something like this could happen to them and how well they are protected, we offer a rapid OT/ICS security assessment, which includes:
- OT/ICS architecture evaluation
- OT/ICS security process discussions
- OT/ICS vulnerability scanning
Through this analysis, we can help you identify not just the current state of your OT/ICS security program, but ultimately your resilience level against typical attacks.
We also extend our OT experience with the wide range of specialized services our Security and Privacy team delivers, providing combined expertise applicable to these sensitive environments in areas such as digital forensics and incident response (DFIR), monitoring and detection, cyber threat intelligence (CTI), and security implementation and transformation, among many others.
This article was written by Tauseef Ghazi, Martin Rubio, David Carter, Wes Ladd and originally appeared on 2021-05-13.
© 2021 RSM US LLP. All rights reserved.
https://rsmus.com/what-we-do/services/risk-advisory/cybersecurity-data-privacy/industrials-cybersecurity-risk.html