A year later, what have we learned from the Colonial Pipeline attack?

May 9, 2022
There have been lessons learned, surely, but there are massive vulnerabilities still at play.

We recently marked the one-year anniversary of the Colonial Pipeline ransomware attack, in which hackers used a single compromised password to take down the largest fuel pipeline in the United States. Hackers affiliated with DarkSide demanded $4.4 million in bitcoin as ransom, and Colonial Pipeline Company (in coordination with the FBI) paid it.

However, the IT tool used to restore the systems was slow, and the attack still resulted in fuel shortages and price hikes across the East Coast.

Days after the attack, on May 9, 2021, the Federal Motor Carrier Safety Administration issued a regional emergency declaration to keep fuel supply lines open for 17 states and Washington, D.C., amid concerns about severe oil and gasoline shortages. Nearly half of the fuel used on the East Coast comes through the Colonial Pipeline; the attack was the largest cyberattack on an oil infrastructure target in US history.

While the incident drew attention to the massive vulnerabilities plaguing critical infrastructure, our cybersecurity posture as a nation remains questionable at best. As the threat of Russia-related cyberattacks continues to loom and ransomware such as BlackCat keeps appearing, it’s clear that organizations are clinging to a false sense of security.

With most cyberattacks, it all comes down to how well identities are managed, both human and machine. As we have seen with SolarWinds, the Equifax breach and the Colonial Pipeline outage, the root cause typically involves a bad actor gaining access to an organization’s critical infrastructure through user credentials.

This is where strategies like digital identity management and zero-trust security become critical for organizations navigating ongoing threats and hoping to weather future attacks.

Rethinking our strategy

As we’ve seen in cyberattacks like Colonial Pipeline, a breach can result in devastating financial losses and consequences, even when all the bad actor has is something as seemingly trivial as a single password. Passwords are simply not the answer for managing critical infrastructure.

Instead, digital certificates are becoming the foundation of infrastructure security. Many organizations are realizing this: a recent report we conducted in partnership with the Ponemon Institute found that nearly all organizations are beginning to use certificates to protect assets. Further, more respondents are putting greater emphasis on managing and securing digital certificates (54%) than on human identities such as usernames and passwords (46%), which they consider a lower priority for time and resources.

And for good reason: nearly every organization has 30,000+ certificates. The majority of today’s organizations, including those in the industrial and manufacturing sectors, are set to spend more than $1.2 million this year to manage and secure their digital certificates. Given that budget, one would expect these programs to be established and to run like a well-oiled machine. Unfortunately, that’s not the case. Less than 15% of the Ponemon report’s respondents considered their current Certificate Lifecycle Management (CLM) programs mature, and only one-third said they have an accurate inventory of all of their certificates. Those without an accurate inventory rely on manual, siloed tactics and systems or on antiquated legacy tools.

So what is the safest, most secure, cost-effective and viable way forward for managing digital assets? Securely automating the process.

Keeping our infrastructure safe

Given the current geopolitical situation, especially Russia’s preference for critical infrastructure as a cyber target, and with cyber threats rising in general, the one-year mark of the Colonial Pipeline attack should serve as a reminder that we haven’t done much to improve our security. Massive vulnerabilities remain across our critical infrastructure: water, gas, electric and even our healthcare systems. We must shift our thinking and priorities on cyber posture if we are to avoid sweeping consequences in the future.

It’s time for organizations to face the music and adopt zero-trust and digital identity management strategies, bolstered by secure automation, to better protect their organizations and assets from such threats in the future.

By Alon Nachmany, field chief information security officer with AppViewX