Three Cyber Security Lessons from Colonial

The Colonial Pipeline ransomware attack was not an anomaly. It was not an isolated attack. It was not unique. It received a lot of attention because it threatened the entire east coast of the United States with a fuel shortage that would go down in history. The consequences of this attack were dire but, fortunately, not deadly. A new intrusion at JBS SA has put 20% of the United States beef production at risk. Fuel, food, transportation and other critical infrastructure are under attack. Future targets could be even more consequential and potentially deadly. What can organizations learn from analyzing this and other cyberattacks on critical infrastructure?


Present Versus Future Costs

The Washington Post reported that nearly 2400 health care facilities, schools and government institutions were hit by ransomware attacks last year. The ransom is often paid in cryptocurrency. Chainalysis, a firm that tracks cryptocurrency payments, estimated that victims paid over US$400 million in 2020, a 400% increase from 2019. Colonial CEO Joseph Blount confirmed that the company paid US$4.4 million in ransom to the attackers.


The increasing number of ransomware attacks and the cost of paying ransom demands have not been lost on companies that insure businesses against such losses. Insurance premiums have risen 50% since last year. Some companies are getting out of the cyberattack insurance business altogether, which will likely lead to even higher premiums in the future.


Finally, factor in the potential lost business due to a lengthy (or even short) shutdown. Both the short-term opportunity cost of immediately lost revenue and the long-term loss of business from customers who switch to competitors need to be considered.


Government Intervention

In the United States, the Department of Homeland Security (DHS) is currently planning to issue a new set of regulations targeting the energy sector as a result of the Colonial attack. There are hearings scheduled in Congress focusing on improving cybersecurity. Sector by sector, as attacks become bolder and more severe, legislative attention becomes more likely.


Regulatory management and compliance are an expensive business. There are direct costs such as regulatory applications and fees, as well as indirect costs for the internal staff assigned to manage the process. Staying out of the spotlight is far more efficient than becoming a regulatory target, and businesses that deal in critical infrastructure are the most likely to have a bright light shone on any cyber breach. There is also legislative discussion about making the payment of a ransom illegal. This would put organizations between the rock of getting the business back up and running and the hard place of legal action if a ransom is paid.


We Can Do Better

The moral of this story is that cutting budget corners when it comes to cybersecurity is a fool’s game. The old adage, “do it right the first time”, rings true here. Develop a robust security strategy that includes multiple levels of attack prevention, monitoring, analytics and information protection.


It is critical to develop impenetrable Intrusion Detection and Prevention as well as multi-level Data Loss Protection. Keep bad actors out and, if they do get in, do not let them reach business data. This practice requires a variety of specialized tools to monitor incoming traffic and to enforce strict credentials for access to stored company information.


Studies have determined that such programs can require as many as seven specialized tools for each link. This level of protection may seem impossible even for an expanded security budget. However, picking the right tools, and the right way of connecting and managing them, can bring the goal of robust cyber security into the realm of feasibility.


Visibility Strategy for Business Continuity

Network Critical is a global innovator of visibility products that efficiently connect security tools allowing organizations to establish robust information protection within a realistic budget. Visibility is a critical component of security. Without monitoring and protection tools, networks are vulnerable to cyberattacks and acute damage to the business as a whole.


There are many types of tools used for monitoring and information protection. However, it can be very expensive and complicated to have all the tools working on all the links in perfect coordination. Further, network reliability and availability will suffer when multiple tools are connected directly in line with live traffic links, since each inline tool becomes a point of failure.


Network TAPs and Packet Brokers are the key enablers connecting specialized tools to links that allow businesses to monitor traffic, quickly discover traffic anomalies and shut down potential attacks before damage can be done. Products such as the SmartNA portfolio from Network Critical provide unique features that allow all links to be protected by specialized tools without impacting reliability or defeating the budget plan.


Some of these features include:

Aggregation: Combining traffic from underutilized links to tools that have ample capacity.

Load balancing: Allowing traffic from high-speed links to be handled by multiple lower-speed tools, saving CAPEX by reusing existing legacy tools when new high-speed links are deployed.

Filtering: Another cost saving feature that allows only the traffic that is needed by a particular tool to be sent directly to that tool. This feature also helps tools perform more efficiently.

Port mapping: Allows traffic from live links to be directed to various tools for evaluation and processing. Traffic from any combination of links can be sent from any input to any output, and can also be regenerated for output to multiple tools.

Drag-n-Vu Graphical User Interface: This unique user interface makes deployment and management of the system simple and fast. Complex calculations are managed in the background while operationa
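To make the aggregation, load-balancing, filtering and port-mapping features above concrete, here is a small policy engine that models what a packet broker does with the packet copies a TAP hands it. This is an added illustration written for this page, not Network Critical's or SmartNA's own code; the link names (branch-a, branch-b, core), tool names (ids-1, dlp-1, dns-monitor and so on) and the sample packets are all constructed. The load-balancing rule hashes a direction-independent 5-tuple so both halves of a conversation reach the same tool, which is the property an IDS or DLP tool needs when a fast link is split across several slower tools.

```python
"""Toy packet-broker policy engine (constructed example, not vendor code):
aggregation, filtering, flow-consistent load balancing, and port mapping
with regeneration to several tools."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Tuple
import hashlib


@dataclass(frozen=True)
class Packet:
    link: str    # input link a TAP copied this packet from
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


def flow_key(p: Packet) -> str:
    """Direction-independent 5-tuple so A->B and B->A hash identically."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    lo, hi = (a, b) if a <= b else (b, a)
    return f"{p.proto}|{lo[0]}:{lo[1]}|{hi[0]}:{hi[1]}"


def flow_bucket(p: Packet, n: int) -> int:
    """Choose one of n tools; both directions of a flow get the same bucket."""
    digest = hashlib.sha256(flow_key(p).encode()).digest()
    return int.from_bytes(digest[:4], "big") % n


@dataclass
class Rule:
    name: str
    inputs: FrozenSet[str]            # which input links feed this rule
    match: Callable[[Packet], bool]   # filter: only traffic the tool needs
    outputs: Tuple[str, ...]          # tool-facing output ports
    balance: bool = False             # True: split flows across outputs
                                      # False: regenerate to every output


def apply_policy(rules: List[Rule], packets: List[Packet]) -> Dict[str, List[Packet]]:
    """Deliver each packet to the tools selected by every matching rule."""
    delivered: Dict[str, List[Packet]] = defaultdict(list)
    for p in packets:
        for r in rules:
            if p.link not in r.inputs or not r.match(p):
                continue
            if r.balance:
                delivered[r.outputs[flow_bucket(p, len(r.outputs))]].append(p)
            else:
                for tool in r.outputs:
                    delivered[tool].append(p)
    return dict(delivered)


def is_dns(p: Packet) -> bool:
    return 53 in (p.sport, p.dport)


def is_tls(p: Packet) -> bool:
    return p.proto == "tcp" and 443 in (p.sport, p.dport)


# Constructed policy. Assumed topology: two lightly used branch links and
# one busy core link; tool names are placeholders.
POLICY = [
    # Aggregation: two underused branch links share a single IDS port.
    Rule("aggregate-branches", frozenset({"branch-a", "branch-b"}),
         lambda p: True, ("ids-1",)),
    # Load balancing: the core link is spread over two slower DLP tools.
    Rule("balance-core", frozenset({"core"}), lambda p: True,
         ("dlp-1", "dlp-2"), balance=True),
    # Filtering: the DNS monitor only ever receives DNS traffic.
    Rule("dns-only", frozenset({"branch-a", "branch-b", "core"}), is_dns,
         ("dns-monitor",)),
    # Port mapping with regeneration: core TLS traffic to two tools at once.
    Rule("tls-fanout", frozenset({"core"}), is_tls,
         ("tls-inspect", "forensic-capture")),
]

# Constructed sample traffic using RFC 5737 documentation addresses.
SAMPLE = [
    Packet("branch-a", "192.0.2.10", "203.0.113.5", "udp", 50001, 53),
    Packet("branch-b", "192.0.2.11", "198.51.100.7", "tcp", 50002, 80),
    Packet("core", "192.0.2.20", "198.51.100.9", "tcp", 50003, 443),
    Packet("core", "198.51.100.9", "192.0.2.20", "tcp", 443, 50003),  # reply
    Packet("core", "192.0.2.21", "203.0.113.5", "udp", 50004, 53),
]


def demo() -> Dict[str, List[Packet]]:
    """Run the constructed policy over the constructed sample traffic."""
    return apply_policy(POLICY, SAMPLE)


if __name__ == "__main__":
    for tool, pkts in sorted(demo().items()):
        links = sorted({p.link for p in pkts})
        print(f"{tool}: {len(pkts)} packet(s) from {links}")
```

Running the file shows each tool receiving only what its rule selects: the IDS sees both branch links on one port, the DNS monitor sees two packets and nothing else, the TLS request and its reply are copied to both the inspection tool and the capture tool, and the three core packets are split across the two DLP tools with the request and reply kept together. Per-flow hashing is what makes that last property hold; a simple round-robin would send the two directions of a session to different tools and blind each of them to half the conversation.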