US Government Warns of Ransomware Attacks on Pipeline Operations

February 21, 2020 HoganTaylor

United States pipeline with mountains in the back

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recently highlighted a ransomware impacting pipeline operations. We wanted to bring this to your attention, as this type of attack could affect your business, as well.

This incident, which happened at a natural gas compression facility, was caused due to poor “Security Awareness Training.” The threat actor used a Spearphishing Link to gain access to the organization’s infrastructure and deploy ransomware to encrypt data in the organization’s operational technology network. The end result was a partial Loss of View for the human operators.

Though the organization had network segmentation implemented, it was either not robust enough or not implemented correctly because the threat actor was able to pivot to the control network and deploy the ransomware. Had this actor been more interested in control systems or inflicting damage as opposed to collecting a ransom, this would have been much worse—just think of what they could have done on the control network in your environment.

It’s also worth noting that the organization’s emergency response plan (ERP) did not specifically consider cyberattacks. All businesses would be well served to take a moment to review their ERP and verify they have a plan in place for a cyberattack.

Lastly, if you are not already receiving the US Department of Homeland Security’s “National Cyber Awareness System”  alerts, we strongly encourage you to take a moment to sign up. This is an excellent free resource to keep you abreast of current threats that are actively being seen around the world.

Assessing Your Risk

If the contents of this alert have raised any concerns, or if you would like assistance assessing the environments in your organization, HoganTaylor Technology professionals who work hand-in-hand with HoganTaylor’s Energy practice can help. For more information, please contact Jeff Koweno, HoganTaylor Energy Practice Lead, at jkoweno@hogantaylor.com.

About HoganTaylor Technology

HoganTaylor Technology is a newly formed subsidiary of HoganTaylor, encompassing all of the Firm’s information technology service offerings including managed services, outsourced CIO and technology solutions, cybersecurity services, and IT strategy and assessments. For more information, please contact Cody Griffin, HoganTaylor Technology Practice Lead, at cgriffin@hogantaylor.com for more information.

INFORMATIONAL PURPOSE ONLY. This content is for informational purposes only. This content does not constitute professional advice and should not be relied upon by you or any third party, including to operate or promote your business, secure financing or capital in any form, obtain any regulatory or governmental approvals, or otherwise be used in connection with procuring services or other benefits from any entity. Before making any decision or taking any action, you should consult with professional advisors.

Share This:

Get Updates

Subscribe

Featured Articles

10 Cybersecurity Questions to Consider

Protecting and preserving the things that have made your organization successful starts with understanding what makes it vulnerable.