There’s been yet another cyber attack on one of the most critical infrastructure sectors the United States relies on to fuel our economy (no pun intended) and safeguard our citizens - the energy sector. The breach, which occurred in mid-February, led the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to make an unusual disclosure about the attack on a natural gas pipeline operator.
In this case, a ransom intrusion attack was used by hackers with the likely intention to extract funds. Although it’s not clear where the ransomware originated, what we know is that it stemmed from what seems to be an all-too common attack vector, a phishing email that included a malicious link. While the virus didn’t appear to cause substantial damage, the natural gas operator prudently shut down their operations for two days to assess their facility’s network health.
The incident is a startling example of how even though a network’s cyber defenses may ward off deep compromises, attacks often result in costly and disruptive outages. In fact, in this case, the entire pipeline involved remained unproductive for those two days.
This attack has reminded us how the appetite for cyber disruption is quite high especially among state-sponsored actors as well as domestic threats seeking economic gain.
Industrial control systems rely on physical assets such as cameras, doors and other physical access systems, as well as traditional IT networks. As more and more devices are added to the network, Industrial Control System (ICS) operators must continually stay on top of current threats that can shut down any number of critical processes. Leveraging CISA, energy operators can be part of a cybersecurity community that has proven as in this case to provide assistance and share lessons learned to other operators who could be vulnerable to similar cyber hacks. Aside from physical safety, reliability is the utmost concern with grid operators.
Maintenance windows are minimized by carefully planned and efficient outages. Any unexpected outage equates to real economic and service disruption translating to:
- Missed service level agreements
- Loss of revenue
- Increase costs associated with repair and updates
This latest event comes at a time when energy operators are already dealing with state sponsored cyber attacks, and now increasingly needing to fend off both foreign and domestic bad actors who are often motivated to either steal Intellectual property, hold encrypted data for ransom, or worse yet, cause productivity or even physical harm through taking control of switches, devices, and other physical components of their ICS. A new term has been coined “eco-terrorism” to describe these types of foreign and domestic threats whose motivations are more financial in nature.
I’ve been advising the energy grid for years about cybersecurity, which includes a five-year stint as a board member of the North American Energy Standards Board (NAESB). There are ways gas and electric providers can mitigate risks against ransomware-based attacks:
1. Communicate cyberattacks to CISA who will in turn share with the community imminent threats and mitigating strategies you should employ.
2. Educate your workforce on the most common ways in which malware is distributed – through phishing and spear-phishing type emails. Company leaders should:
- Train end users to always view the sender’s domain by hovering over the “from address,” carefully checking all links and attachments before clicking and leveraging IT teams to inspect anything that looks remotely suspicious
- Run fully patched virus and malware detection scans
- Encourage partners and external users to digitally sign their emails using a trusted S/MIME certificate
3. Have an up-to-date and fully tested Business Resumption Plan so even in the worst-case scenario the impact can be contained.
4. Back up your data and don’t leave your network vulnerable to ransom attacks.
5. Recognize all people, machines, and devices that touch the network should be authenticated and look to automated PKI solutions as scalable and easy to manage security measures.
6. Invest in hardening your infrastructure as the threat environment will only increase especially as Smart grid components are increasingly attached to networks.
Unfortunately, the work of energy grid IT and CISOs is never ending, but as we’ve seen they are doing a great job warding off the barrage of cyber attacks. That doesn’t mean the job is done – in fact, it’s just begun.
To learn about GlobalSign's NAESB-compliant digital certificates developed specifically for energy industry-related use cases, visit our website.
