The oil and gas (O&G) sector, crucial for global industries, faces growing cyber threats as digital transformation exposes vulnerabilities in operational technology (OT). Unplanned OT downtime can cost facilities up to $149 million annually, with incidents often lasting over six days – at a productivity loss of $2.7M per day. Beyond operational downtime, the ripple effects extend to safety risks and the global supply chain. The sector's expanding attack surface, driven by IIoT and geopolitical tensions, highlights the urgent need for enhanced cybersecurity to safeguard critical assets and ensure operational continuity.

Source: Sophos News; Offshore Technology; Resecurity

Colonial Pipeline Attack (2021)

The Colonial Pipeline attack was carried out by the DarkSide ransomware group, a cybercriminal organization known for targeting large corporations. This ransomware attack, which targeted a critical U.S. pipeline, disrupted fuel supplies along the East Coast. Although the malware only affected IT systems, the company proactively shut down OT systems to prevent the ransomware from spreading. The incident highlighted the vulnerability of critical infrastructure and led to policy discussions on strengthening cybersecurity measures across OT systems.

Impact
  • Shutdown of Pipeline: Colonial Pipeline shut down its OT systems to prevent the malware from potentially spreading into the physical pipeline control systems.
  • Fuel Shortages and Panic Buying: The pipeline was shut down for five days, leading to widespread fuel shortages. This caused long lines at gas stations, with some states experiencing up to 70% of fuel stations without gasoline.
  • Price Hikes: The price of gasoline surged across the U.S., with some regions seeing prices rise by as much as 10 to 20 cents per gallon.
  • Airline Disruptions: The shortage of jet fuel also affected airlines, which had to reroute flights to ensure that they could refuel at unaffected airports. This added operational costs and delays for the aviation industry.
  • Business Disruption: Businesses reliant on fuel for transportation, such as logistics and supply chain companies, faced higher operating costs and delays.

Source: Waterfall Security, IBM Newsroom, TechRepublic

Government Response/Regulation

The incident led to federal actions, including Presidential Executive Order 14028, issued on May 12, 2021, to enhance the nation's cybersecurity in response to rising cyberattacks. The order focuses on improving the security of critical infrastructure and federal networks. Key recommendations and actions include:

  • Modernizing Cybersecurity: Encouraging the adoption of secure cloud services and zero-trust architecture.
  • Incident Response: Establishing a standardized response framework for cyber incidents across federal agencies.
  • Supply Chain Security: Strengthening the security of software and hardware supply chains to mitigate risks.
  • Cybersecurity Standards: Promoting the use of cybersecurity best practices and guidelines for federal agencies and contractors.
  • Information Sharing: Enhancing collaboration and information sharing between the government and private sector on cyber threats.

Lessons Learned

The attack highlighted several key cybersecurity vulnerabilities and prompted critical lessons for businesses and governments:

  • Importance of Segmentation: Colonial's proactive shutdown of its OT systems, even though the attack targeted IT systems (billing), highlighted the interconnectedness of IT and OT networks. This prompted a renewed emphasis on better network segmentation to limit the spread of attacks between these domains.
  • Cybersecurity Preparedness: Businesses, especially those in critical infrastructure, need strong cybersecurity policies, including incident response plans, vulnerability assessments, and ransomware defenses.
  • Public-Private Cooperation: The attack demonstrated the importance of a coordinated response between private companies, federal agencies (such as CISA), and law enforcement.
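To make the segmentation lesson concrete, the following is an added example written for this page; it is not Invisinet's product code and does not describe Colonial Pipeline's actual network. It models a flat IT/OT network beside a segmented one (IT zone, industrial DMZ, OT/SCADA zone) as first-match firewall policies and evaluates both against constructed sample flows, including the kind of IT-to-OT lateral movement a ransomware infection of the corporate network would attempt. The address plan, zone names, ports (OPC UA on tcp/4840, RDP on tcp/3389, SMB on tcp/445) and flows are all assumptions made for the illustration.

```python
"""Zone-based segmentation policy check (added example, not from the original page).

Contrasts a flat IT/OT network with a segmented IT -> DMZ -> OT design.
Everything below (address plan, rules, sample flows) is constructed for the
illustration and is not a description of any real site.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed address plan: one /16 per zone (assumption for this example).
ZONES = {
    "IT":  ipaddress.ip_network("10.1.0.0/16"),   # corporate: billing, email, workstations
    "DMZ": ipaddress.ip_network("10.2.0.0/16"),   # industrial DMZ: replica historian, jump host
    "OT":  ipaddress.ip_network("10.3.0.0/16"),   # control network: SCADA servers, HMIs, PLCs
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str    # "tcp" or "udp"
    port: int     # destination port


@dataclass(frozen=True)
class Rule:
    src_zone: str            # zone name or "any"
    dst_zone: str            # zone name or "any"
    proto: Optional[str]     # None = any protocol
    port: Optional[int]      # None = any destination port
    action: str              # "allow" or "deny"


def zone_of(addr: str) -> Optional[str]:
    """Map an address to its zone, or None if it is outside the address plan."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None


def evaluate(policy: list, flow: Flow, default: str = "deny") -> str:
    """First matching rule wins; anything unmatched gets the policy default."""
    s, d = zone_of(flow.src), zone_of(flow.dst)
    for r in policy:
        if (r.src_zone in (s, "any") and r.dst_zone in (d, "any")
                and r.proto in (None, flow.proto) and r.port in (None, flow.port)):
            return r.action
    return default


# Weak policy: a flat network where IT and OT are fully routable in both directions.
FLAT_POLICY = [Rule("any", "any", None, None, "allow")]

# Hardened policy: IT reaches only the DMZ replica historian (OPC UA) and the DMZ
# jump host (RDP); the DMZ historian pulls from the OT historian; no flow crosses
# IT <-> OT directly. Unmatched traffic falls to the default deny.
SEGMENTED_POLICY = [
    Rule("IT",  "DMZ", "tcp", 4840, "allow"),   # IT -> DMZ replica historian
    Rule("IT",  "DMZ", "tcp", 3389, "allow"),   # IT -> DMZ jump host
    Rule("DMZ", "OT",  "tcp", 4840, "allow"),   # DMZ historian pulls from OT historian
    Rule("IT",  "OT",  None, None, "deny"),     # explicit: no direct IT -> OT
    Rule("OT",  "IT",  None, None, "deny"),     # and no direct OT -> IT
]

# Constructed sample flows. The first is the lateral-movement pattern that makes a
# flat network dangerous: a compromised IT workstation opening SMB to an OT HMI.
SAMPLE_FLOWS = {
    "it_workstation_to_ot_hmi_smb":  Flow("10.1.20.15", "10.3.10.5", "tcp", 445),
    "it_billing_to_dmz_historian":   Flow("10.1.30.8",  "10.2.5.10", "tcp", 4840),
    "dmz_historian_to_ot_historian": Flow("10.2.5.10",  "10.3.5.10", "tcp", 4840),
    "it_workstation_to_dmz_smb":     Flow("10.1.20.15", "10.2.5.10", "tcp", 445),
    "ot_hmi_to_it_fileserver_smb":   Flow("10.3.10.5",  "10.1.40.2", "tcp", 445),
}


def audit(policy: list) -> dict:
    """Decision for every sample flow under the given policy, keyed by flow name."""
    return {name: evaluate(policy, f) for name, f in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    flat, seg = audit(FLAT_POLICY), audit(SEGMENTED_POLICY)
    for name in SAMPLE_FLOWS:
        print(f"{name:32s} flat={flat[name]:5s} segmented={seg[name]}")
```

Under the flat policy every flow is allowed, so a foothold in IT is one hop from the control network. Under the segmented policy the only flows that survive are the two sanctioned IT-to-DMZ services and the DMZ-to-OT historian pull; the IT-to-OT SMB session and the unexpected IT-to-DMZ SMB session both fail, the second one through the default deny rather than an explicit rule, which is the property worth checking in a real rule base.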

Source: Waterfall Security, Microsoft, SpringerLink

The Invisinet Solution

  • Zero Trust Approach: Limits access to critical systems to only pre-authorized users, reducing the chances of unauthorized actors gaining entry. This would include multi-factor authentication and strict user identity verification.
  • Cloaking Key Systems: Invisinet’s cloaking technology hides key IT and OT systems (particularly SCADA) from the attackers, making it harder for them to identify which assets to target.
  • Maximize Your ZTNA Investments: Incorporating identity data within session packets enhances real-time network auditing and reduces false indicators of compromise. Additionally, Invisinet enhances your anomaly detection, making it smarter and more effective.
  • Regulatory Assurance: Invisinet supports regulatory compliance by integrating real-time auditing features, ensuring that identity information is accurately monitored and reported within session packets. This not only helps meet evolving cybersecurity regulations but also mitigates non-compliance risks, all while delivering cost-effective and low-disruption solutions that align with operational needs.
  • Seamless IT and OT Integration: Invisinet bridges IT and OT layers, providing end-to-end, low-latency protection within heterogeneous environments. This ensures that both domains are secured effectively without compromising speed or efficiency, making it a truly cost-effective solution for industrial and critical infrastructure.