Colonial Pipeline, one of the largest and most crucial pipelines in the United States of America, was the victim of a ransomware attack. The incident occurred on 6th May, 2021 and affected consumers and airlines along the East Coast. The cyberattack was flagged as a national security threat and President Joe Biden declared a state of emergency.
Colonial Pipeline comprises more than 5,500 miles of pipeline and starts in Texas and moves all the way up through New Jersey, supplying nearly half of the fuel for the East Coast delivering refined oil for gasoline, jet fuel, and home heating oil from refineries to industry markets.
Due to the cyber hack, the pipeline's digital systems were compromised and were forced to shut down for several days, leading to massive operational disruptions to the fuel supply and causing gas prices to shoot up. Consumers began hoarding supplies in panic which led to chaos and fright.
What Happened
A hacker group called DarkSide gained unauthorized access through an exposed password for a VPN account. They were able to steal over 100 gigabytes of data within two hours. After the data theft, the attackers infected the IT network of the pipeline with ransomware that affected several computer systems. This cyberattack not only compromised the data but also the operations of this massive pipeline, leading to the incident being declared as a national emergency.
From small business owners to commercial organizations, millions of Americans along the East Coast were victims of this attack.
Unintended Consequences: IT-OT Convergence
This unauthorized access also potentially gave access to their operational systems. Fortunately in this case, the hacker group’s objective was to ransom access to critical systems.
In the end, Colonial Pipeline paid the hackers 75 bitcoins worth $4.4 million in exchange for the decryption key. And on 12th May, 2021, the pipeline restarted its operations.
The impact of this attack is a reminder that cyberattacks are no longer just an “IT problem.” With digitization of OT infrastructure like pipelines and operations being managed remotely, the risk of exposure to cyberattacks also increases, leading to compromised OT infrastructure born from cyber vulnerabilities in the IT network.
Government agencies around the world are taking active measures to prioritize cyber resilience in OT environments by declaring critical infrastructure as part of national security and setting new cybersecurity industrial standards like IEC 62443.
OT infrastructure is often ignored because we forget that it is now connected and traditionally were run in siloes. Today, that is not the case and Colonial Pipeline was one of the largest casualties of this new reality.
Source:
https://www.cybersecuritydive.com/news/post-colonial-pipeline-attack/623859/