14 Jun
7 Crisis Management Lessons from Colonial Pipeline’s Cyber Attack Response
Last year’s Colonial Pipeline assault sparked a catastrophe for the corporation and the country, teaching business executives some key lessons about how to respond to and handle crisis situations.
According to the Washington Post, “Colonial’s 5,500 miles of pipelines transport petroleum from Gulf Coast refineries to clients in the southern and eastern United States. It claims to carry 45 percent of East Coast petroleum consumption, reaching 50 million Americans.”
A Serious Test for Biden
“The incident provides a crucial test for how the Biden administration will respond to cyber strikes on vital infrastructure at a time when hackers are increasingly targeting essential utility services,” according to Politico. “Depending on how long the outage lasts and who is responsible, fuel prices in the southeastern United States might rise beyond $3 per gallon, according to market analysts.”
“The attack comes amid rising concerns about cybersecurity vulnerabilities in America’s critical infrastructure in the aftermath of recent incidents, and after the Biden administration last month launched an effort to beef up cybersecurity in the nation’s power grid, calling on industry leaders to install technologies that could thwart attacks on the electricity supply,” CNN reported.
Although the issue is still unfolding, it is not too soon to highlight some of the best practices that Colonial Pipeline and the US government are employing.
Tell Everyone What Happened
The corporation issued a statement on its website last night, stating that “… it was the target of a cybersecurity assault. As a result, we took some systems offline proactively to manage the danger, which briefly suspended all pipeline operations and disrupted some of our IT systems.”
However, Colonial Pipeline did not disclose details of the incident, such as when it occurred or what the attackers demanded.
Bring in the Pros
“Upon learning of the issue, a prominent, third-party cybersecurity company was hired, and they have already initiated an investigation into the extent and scope of this incident, which is continuing,” Colonial Pipeline said in a statement. “We notified law enforcement as well as other government authorities.”
Establish Primary Issues
As the company’s statement put it: “Colonial Pipeline is taking measures to understand and rectify this issue. At the moment, our key emphasis is the safe and efficient restoration of our service, as well as our attempts to resume normal operations. This process is already in motion, and we are working hard to fix this issue and minimize inconvenience to our customers and those who rely on Colonial Pipeline.”
Don’t Make Assumptions
“Federal law enforcement and homeland security officials are probing the situation,” according to the Washington Post. Officials are unsure if the attack on leading U.S. petroleum pipeline operator Colonial Pipeline was carried out by foreign government hackers or a criminal organization.
“It’s ‘too early’ to say,” said one official, speaking on the condition of anonymity because the inquiry is continuing.
Scott Sobel is the senior vice president of crisis and litigation communications at kglobal, a public affairs and public relations business. “Cyber terrorists are criminals of opportunity,” he remarked, “searching for loopholes and preying on firms that have more to lose than just losses from the first strike.”
“Colonial and the authorities bit the bullet and shut down the rest of Colonial’s pipeline lines that were not impacted by the first attack. This preventive move shifted power away from the terrorists and minimized the long-term effects, intimidation, and leverage that the terrorists hoped for.”
Send the Correct Message
“The proactive steps, hopefully, will prevent Colonial from being assaulted in the same way by these criminals again, and it also sends a message to others that Colonial will respond with vigor to any conflict,” Sobel said.
“Of course, this specific game is still being played with Colonial,” he continued, “but the message has been conveyed that Colonial and other huge firms have deep enough coffers and the chutzpah to weather this type of struggle and take measures to win the war in the future.”
Isolate the Issue
Bryan Hornung is the founder of the cybersecurity business Xact IT Solutions. “With any cyber assault, the first thing you want to do is isolate the problem by unplugging it from the network,” he explained.
As of Friday, it looks like they have done so. It’s now all about granting the recovery/cyber insurance team access while ensuring no one else has access to the network.
“Once this is completed, the team will need to establish whether data was exfiltrated and, if so, what power they have to lessen the ransom demand. Whether they pay the ransom or not, Colonial will have to invest heavily in new infrastructure since you can’t rebuild on the same network that was compromised. You’re beginning from scratch.”
Business Leaders’ Advice
“… event response planning is vital and should be part of every organization’s business plan,” Hornung added. All businesses should strive for cyber resilience by:
Developing a strategy to safeguard such assets
Implementing methods to identify whether such assets have been compromised, as well as creating a documented response strategy so that everyone knows what to do.
Executing a recovery plan that, if properly established, will make the incident easier to bear.
He stated that without a recovery strategy, “… you are prone to blunders, missteps, and human error, resulting in longer recovery periods and a greater loss of income.” “It’s usually less expensive to take care of things on the left side of ‘the boom’ than it is to take care of things on the right side after an incident,” he said.
More Cyber Attacks on the Way?
According to Brad Brooks, CEO of OneLogin, Friday’s incident “… shows how swiftly the stakes on cybersecurity are growing, with controlling and knowing who has access to your IT systems becoming a board-level issue for every firm.”
“We’re transitioning from an unseen Cold Battle centered on data theft to a very visible hot war with actual ramifications for physical property and people’s lives,” he stated.
Anurag Gurtu is the chief product officer of StrikeReady, a cyber security platform. “There appears to be some conversation within the intelligence community regarding DarkSide ransomware being tied to the Colonial Pipeline system assault,” he said. Darkside is an Italian band… It states that it would not target firms in the education, healthcare, or government sectors.
Adhubllka Ransomware is another active ransomware that [the] StrikeReady intel team has traced to Italy.
“The other two incredibly active ransomware assaults targeting the oil and gas business are DoppelPaymer ransomware and Clop ransomware, both of which are related to Russia,” he explained.
TAG Cyber, a cyber security research and analytic organization, is led by Edward Amoroso. He stated that “business vulnerabilities to assaults are ever-expanding, and cyber criminals will always be one step ahead.”
“Because of their ease, I expect targeted ransomware assaults to continue. These attacks, however, pale in contrast to the devastating attacks that may occur if firms do not have key infrastructure and experienced [and] skilled chief information security officers to handle known and undiscovered risk factors.”