MCGA Statement: Colonial Pipeline Cybersecurity Incident


ALEXANDRIA, VA (May 10, 2021) – Colonial Pipeline recently issued a media statement saying that “...on May 7, the Colonial Pipeline Company learned it was the victim of a cybersecurity attack. We have since determined that this incident involves ransomware. In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems.”


The media statement does not provide any details of what systems or networks were affected, or how the ransomware found its way into Colonial’s environment. Investigators currently believe a ransomware group called Darkside may be responsible. This group is one of many that seek financial gain from system owners exposed to their ransomware. In 2019 alone, ransomware attackers gained at least $7.5 billion from victims in the U.S., according to Emsisoft.


While financial loss is a major consequence of ransomware attacks, the Colonial Pipeline example demonstrates, once again, the potential threat to the nation’s critical infrastructure. When pipeline companies such as Colonial are impacted, the results can ripple through other parts of our infrastructure, from power generation and distribution to water and wastewater treatment, and medical services, all of which rely heavily on the gasoline, diesel fuel, and natural gas that is transported by these pipelines.


Mission Critical Global Alliance (MCGA), along with other organizations and individuals, has been involved in raising awareness of the risk of a cybersecurity incident to our nation’s critical infrastructure for many years. This incident, together with cybersecurity intrusions in the water sector in February and March, continues to highlight the challenge that mission critical organizations face. MCGA strongly agrees with Eric Goldstein, executive assistant director of the cybersecurity division at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). He notes: “This underscores the threat that ransomware poses to organizations regardless of size or sector. We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”


MCGA recommends that other critical infrastructure systems immediately review their response preparedness, from a people, process, and technology perspective:

  • People – Train everyone to anticipate a cybersecurity incident and know how to respond.

  • Process – Run regular exercises to ensure that the incident response plan will work when required.

  • Technology – Implement secure architectures, focusing especially on the segregation of systems so that it is possible to isolate parts of an environment without impacting others.

Training and awareness are key to improving cybersecurity posture. Employees should learn about system concepts, standards, technology, operations, safety and physical security, risk management, and emergency response preparedness. With better awareness and knowledge, a system operator can prepare its people, update its processes, and manage its technology.


# # #