The Physical Implications of Cyber Security - Looking at the Colonial Pipeline Hack

Eric McIntyre - May 11, 2021

We often think of cyber security as something primarily concerned with the digital world. Whenever we or any of the services we use are threatened by malicious actors, it’s usually our digital assets - data, personal information, intellectual property - that we have to worry about. Over this past weekend we’ve seen something that is happening more and more as time goes on: a hacker group wreaking havoc on the physical operations of a business with shocking effectiveness.

This past Saturday, the Colonial Pipeline company reported that they had suffered a ransomware attack that disrupted their network, causing them to shut down part of their operations across their pipelines, which transport natural gas, diesel, and gasoline from Texas to the eastern seaboard of the United States. 

Luckily, the consequences of this attack were fairly mundane. While Colonial Pipeline did have to cease operations at some stations to contain the attack, the broader supply chain wasn’t affected due to an emergency response by the US government to allow the transportation of fuel via roads. However, this attack is another instance of a growing pattern of attacks against infrastructure and critical industries.

Historically, cyber attacks that have affected physical infrastructure have become some of the most discussed incidents in the industry, largely due to their possible implications and the scope of possible damage. Two of the most notorious examples are Stuxnet, which was famously used to disrupt Windows machines used in nuclear centrifuges in Iran, and WannaCry, the ransomware cryptoworm that created widespread outages within the UK’s NHS (note: the healthcare sector is overrepresented among the industries targeted in cyber attacks, and especially ransomware).

According to Reuters, cyber firm FireEye has been brought in to conduct the incident response, and it will be interesting to see what they report as the situation develops, in particular the level of sophistication that was required to pull off this attack. In the cases of Stuxnet and WannaCry, zero-day vulnerabilities were utilised to make these attacks so devastating. If the methods of attack here weren’t as intensive as requiring a zero-day, it may indicate that threat actors need less sophistication to have a large impact.

So what does this mean for us as budding cyber security professionals? This event reinforces a couple of key concepts that we try to remember as we pursue a career in this space:

  • Cyber security is no longer just a tech field - as aspects of all industries become more reliant on digital assets for their operations, securing these assets will increasingly become a priority.
  • Cyber attacks don’t always have purely digital implications - physical processes can be affected and disrupted, and this is a trend that is increasing. 
  • Ransomware continues to be the most accessible and deployable threat for malicious actors - and this likely won’t change due to the variety of attack vectors it can be delivered through, the extent to which it’s able to disrupt systems, and the ability to extort capital (money, cryptocurrency) from targets. 

Overall, this attack is another indicator that we need to be more aware of the physical consequences of digital incidents, and that the need to secure vulnerable networks and systems is becoming ever-present across all industries.

