Ransomware Attack on US Pipeline

Blog by Lawrie Abercrombie, Arcanum Technical Director

Over the weekend a ransomware attack forced the US’s largest fuel pipeline operator to shut down its operations. There have been multiple comments in the media along the lines of “why was nothing done to prevent this type of attack” and “did no one see it coming?”. The reality is that attacks against Critical National Infrastructure (CNI), things like power generation, oil & gas pumping, transport etc have been on many cyber professionals horizon for at least the last 9 years.

The US Cybercom’s CyberGuard series of exercises, which started as far back as 2012 and continued to at least 2018, have focused on protecting CNI and involved many of the US’s CNI operators as well as military cyber defence units. The CyberGuard series were the world’s largest real time, full spectrum active cyber exercises, in 2015 alone there were over 1,000 participants from the US and a UK team including several of Arcanum’s staff.

In the UK & Europe, the Security of Networks and Information Systems (NIS) Directives, which were introduced in 2018, were specifically designed to ‘encourage’ CNI operators to strengthen the protective measures around their critical systems and the UK’s National Cyber Security Centre produced the Cyber Assessment Framework (CAF) to enable the CNI operators where they needed to concentrate their efforts.
Unfortunately, the defence team have to play by the rules and must get it right every time whereas the rule book doesn’t apply to the bad guys and they only need to be lucky once.

Read BBC article ‘US passes emergency waiver over fuel pipeline cyber-attack’ here:

https://www.bbc.co.uk/news/business-57050690