In a statement today, Colonial Pipeline said that the ransomware attack first hit the company Friday, May 7, and that it took certain systems offline to contain the threat, including temporarily halting all pipeline operations. As of this afternoon, the company’s main lines, four in total, remain offline, but some smaller lateral lines between terminals and delivery points have been restored.
Colonial did not say what form of ransomware it was struck by, but it ticked off the standard response list: third-party security experts engaged, an investigation launched, and law enforcement and other government agencies notified.
That Colonial Pipeline has been hit by ransomware doesn’t come as a surprise to experts. John Cusimano, vice president of aeCyberSolutions, the industrial cybersecurity division of Applied Engineering Solutions Inc., told SiliconANGLE that in his company’s extensive experience in assessing oil and gas pipelines for several of the country’s largest pipeline operators, their security is far behind that of other energy sectors.
“A common gap in the pipeline industry is the lack of segmentation of the pipeline supervisory control and data acquisition networks which are the networks that connect the pipeline control center to every terminal, pumping station, remote isolation valve and tank farm along the pipeline,” Cusimano explained. “These are very large networks covering extensive distances but they are typically ‘flat,’ from a network segmentation standpoint. This means that once someone gains access to the SCADA network they have access to every device on the network.”
Read the entire article: Major US fuel pipeline system shut down after ransomware attack - SiliconANGLE