On May 7, the pipeline system that carries nearly half of the fuel consumed on the east coast of the United States was paralyzed by a major cyber attack.
Virginia, North Carolina, and Florida declared states of emergency, and the five-day closure of the Colonial Pipeline caused extensive fuel shortages and panic buying.
This attack shows how fragile critical infrastructure such as fuel pipelines is in a time of increasing cybersecurity threats.
We think it is time to make serious cybersecurity measures mandatory for companies with critical infrastructure.
The risk of cyber attacks on important infrastructure is not new.
After the events of September 11, 2001, research has shown that global security risks must be considered when analyzing critical infrastructure risks and security challenges. We also suggested systems to protect critical supply chain infrastructure such as seaports, and practices including container transportation.
The risk grows as ransomware attacks increase, in which attackers hijack sensitive data from company systems and ask for a ransom.
These attacks may have unintended consequences.
There is evidence that the Colonial shutdown was the result of one such attack on data. The company seems to have stopped the pipeline network and other operations to prevent the spread of malware.
That caused a series of unexpected consequences and collateral damage in the entire community.
In fact, the attackers may have been surprised at the extent of the damage and now seem to have suspended their activities.
We have seen how severely critical supply chain infrastructure can be damaged and how serious the consequences of a direct attack can be.
Cyber risk frameworks are usually based on traditional risk management methods, in which potential cyberattacks are treated as normal risks. These risk management methods weigh the cost of preventing network attacks against the cost of suffering them.
In some industries, this estimate takes into account the cost of a lost customer base that may never come back.
However, providers of basic services such as transportation, healthcare, electricity, water, and food do not face this risk of loss.
After the Colonial incident, customers returned to gas stations as soon as possible and continued to buy fuel.
As a result, compared with companies in other industries, companies in critical industries can face lower downtime costs because their customers return.
Cybersecurity work is coordinated by the Australian Cyber Security Centre (ACSC), which sits under the Australian Signals Directorate, an Australian Government agency. ACSC works with public and private sector organizations to share threat intelligence and best practice security recommendations.
ACSC documents such as the “Essential Eight” provide guidelines for organizations to implement basic security measures.
However, our research shows that even the Australian government does not always follow best practices. The problem is not the lack of knowledge.
ACSC generally understands and documents security best practices well. ACSC also provides specific guidelines for key sectors and industries, such as the Safety framework for the energy sector.
These are just guidelines.
Companies can choose whether to follow these guidelines. Australia needs a cybersecurity compliance program.
This means that companies that manage critical infrastructure (such as ports or pipelines) must comply with certain rules.
The first step for these companies may be to comply with existing guidelines and require basic cybersecurity certifications.
Lessons from the U.S.
The U.S. government issued an executive order to improve network security and federal government networks in response to the Colonial cyber attack.
The order proposes a series of measures to modernize standards and improve communication and reporting requirements.
These are valuable actions, many of which are already within Australia’s existing commitments.