{"id":46544,"date":"2022-05-06T14:00:00","date_gmt":"2022-05-06T14:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities-threats\/colonial-pipeline-1-year-later-what-has-yet-to-change-"},"modified":"2022-05-06T14:00:00","modified_gmt":"2022-05-06T14:00:00","slug":"colonial-pipeline-1-year-later-what-has-yet-to-change","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/colonial-pipeline-1-year-later-what-has-yet-to-change\/","title":{"rendered":"Colonial Pipeline 1 Year Later: What Has Yet to Change?"},"content":{"rendered":"
<\/div>\n

The Colonial Pipeline<\/a>
\nransomware attack that took place exactly one year ago sent shockwaves across the nation that are still being felt today. A cyberattack with such massive real-world implications had never been seen before, let alone an attack on one of the largest critical infrastructure assets in the US that was initially started via an exposed virtual private network (VPN) password. During the attack, threat actors stole nearly 100GB of data, and not long after, the Colonial Pipeline took its systems offline for several days to prevent the further spread of ransomware. The Colonial Pipeline\u2019s shutdown affected oil and fuel supplies in many states, and as a result, the US government declared a state of emergency.<\/p>\n

Critical infrastructure, such as the infrastructure technology and operational technology systems managed by Colonial Pipeline, is often a prime target for cybercriminals. These national assets not only store highly valuable government, company, and consumer data in their systems but could also dramatically disrupt society if compromised. The fact that the Colonial Pipeline attack was due to a security lapse served as a wake-up call for companies all over the world to rethink their cybersecurity postures. <\/p>\n

In the wake of the attack, President Biden immediately signed an Executive Order<\/a> on “Improving the Nation\u2019s Cybersecurity,” which emphasized that incremental improvements are not enough; bold change and significant investments in cybersecurity must be made to defend critical infrastructure. Federal agencies and organizations were provided with a timeline and steps to advance their cybersecurity strategies and infrastructure. However, in the months following Colonial Pipeline, the US also witnessed several other critical incidents that made national headlines, including the Kaseya<\/a> ransomware attack and the discovery of the Log4j<\/a> vulnerability that was baked within the foundations of the world\u2019s software applications. Thus, it is evident that many true changes have yet to be made. Let\u2019s take a deeper look at the developments organizations must make to their cybersecurity postures to protect the nation\u2019s critical infrastructure.<\/p>\n

Further Visibility into Business-Critical Applications is Crucial<\/strong>
Recent legislation, such as the Cybersecurity Executive Order<\/a> and Cyber Incident Reporting for Critical Infrastructure Act<\/a>, mark improvements for the nation\u2019s cybersecurity landscape, as they impose specific regulatory requirements and provide further transparency into organizations\u2019 cyber events. Despite these developments, many organizations responsible for the nation\u2019s critical infrastructure are still operating without visibility into their business-critical applications\u2019 security, as demonstrated by the influx of attacks that succeeded the Colonial Pipeline. Organizations must understand that systems, such as enterprise resource planning (ERP), supply chain management, and logistics management, are interconnected and support mission-critical operations that can be severely disrupted if they are compromised by adversaries. A universal shift in enterprise cybersecurity strategies is crucial to ensure organizations can swiftly recover from a cyberattack as detrimental as the Colonial Pipeline one.<\/p>\n

Taking Actions to Defend the Nation\u2019s Critical Systems<\/strong>
Without stronger security controls, business-critical systems will remain vulnerable to attack. Proper defenses need to be in place to ensure America\u2019s valuable data is protected. Below are several actions organizations must take to protect their sanctioned resources:<\/p>\n