A natural gas compression facility in the United States has become the latest victim of a critical infrastructure cyberattack. An advisory published by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA) on February 18 2020 stated that the attacker gained access to the organization’s IT and operational (OT) networks and successfully encrypted company data. The pipeline operator was forced to shut down operations for two days, compelling other facilities with pipeline transmission dependencies to also temporarily suspend their services.
Attackers initially managed to infiltrate the facility’s IT network via a spear phishing link. Once inside, the organization’s lack of air gapping allowed them to pivot to the OT network and encrypt data from both networks. They then demanded a ransom in exchange for the decryption key.
The CISA was keen to stress that the attackers did not gain access to the programmer logic controllers and thus could not manipulate factory equipment. However, staff lost data related to other industrial processes and decided to implement an emergency shutdown of the facility as a precautionary measure.
The CISA advisory judged that the pipeline operator’s emergency response plan did not explicitly consider the risks posed by cyberattacks, nor did it empower employees to make critical decisions in the event of said attacks. Though the hackers were unable to control facility operations at any point, its personnel’s lack of cybersecurity knowledge left it wide open to more damaging attacks in the future.
At Soteria, we offer a comprehensive range of multi-layer security solutions to help organizations mitigate the risks of cyberattacks. Our ICS/SCADA monitoring and detection technology platforms help protect critical infrastructure, while our Cywareness program teaches facility personnel how to identify and neutralize potential threats. We keep pace with new innovations and evolutions in the cyberarena, adapting our strategies and products to ensure our clients are best equipped to deal with any cyber threat on the horizon.