We often think about cyber security as something that is primarily concerned with the digital world. Whenever we or any of the services we use are threatened by malicious actors, it’s usually our digital assets - data, personal information, intellectual property - that we have to worry about. Over this past weekend we’ve seen something that is happening more and more as time goes on: a hacker group wreaking havoc on the physical operations of a business with shocking effectiveness.
This past Saturday, the Colonial Pipeline company reported that they had suffered a ransomware attack that disrupted their network, causing them to shut down part of their operations across their pipelines, which transport natural gas, diesel, and gasoline from Texas to the eastern seaboard of the United States.
Luckily, the consequences of this attack were fairly mundane. While Colonial Pipeline did have to cease operations at some stations to contain the attack, the broader supply chain wasn’t affected due to an emergency response by the US government to allow the transportation of fuel via roads. However, this attack is another demonstration of a growing pattern of attacks against infrastructure and critical industries.
Historically, cyber attacks that have affected physical infrastructure have become some of the most discussed incidents in the industry, largely due to their possible implications and the scope of possible damage. Two of the most notorious examples are Stuxnet, which was famously used to disrupt Windows machines used in nuclear centrifuges in Iran, and WannaCry, the ransomware crypto worm that created widespread outages within the UK’s NHS (note: the healthcare sector is overrepresented in the industries targeted in cyber attacks, and especially ransomware).
According to Reuters, cyber firm FireEye has been brought in to conduct the incident response, and it will be interesting to see what they report as the situation develops, in particular the level of sophistication that was required to pull off this attack. In the case of Stuxnet and WannaCry, zero-day vulnerabilities were utilised to make these attacks so devastating. If this attack did not need anything as intensive as a zero-day, it may indicate that threat actors need less sophistication to have a large impact.
So what does this mean for us as budding cyber security professionals? This event reinforces a couple of key concepts that we try to remember as we pursue a career in this space:
Overall, this attack is another indicator that we need to be more aware of the physical consequences of digital incidents, and that the need to secure vulnerable networks and systems is becoming ever-present across all industries.
If you want to learn more about cyber security at WithYouWithMe, check out our Cyber Defender Pathway here: https://rallypoint.withyouwithme.com/cyber/
If you want to get in touch with me to ask about our cyber training, job opportunities, or anything else, feel free to reach out:
Via email: firstname.lastname@example.org
On LinkedIn: https://www.linkedin.com/in/ericjmcintyre/
On Discord: Eric McIntyre#0578
Or book an online call with me: https://meetings.hubspot.com/eric455