Critical Infrastructure On Edge: Colonial Pipeline Is Only the Latest Example of the Massive Risks Associated with Attacks


This past week, Colonial Pipeline company, which operates a pipeline that carries gasoline, diesel fuel, and natural gas along a 5,500-mile path from Texas to New Jersey, was forced to take itself offline after being attacked by a criminal cyber gang. The pipeline, which carries 2.5 million barrels a day, nearly 50% of the East Coast supply of diesel, gasoline, and jet fuel, is still working to restore service and regain access to its systems after the malicious cyberattack, while its four mainlines remain offline.

The attackers, who stole almost 100GB of data, were confirmed by multiple sources to be DarkSide, a cyber-criminal gang that is highly organized and “runs like a business.” While neither Colonial nor federal officials have explained how the attackers breached the company’s network and went undetected, cybersecurity experts believe that Colonial may not have employed state-of-the-art defenses in which every device and endpoint connected to the system is secured.

Even though it is not yet clear whether the hackers could actually have meddled with the physical state of the pipeline or created potentially dangerous physical conditions, merely gaining broad access to the IT network is reason enough for the pipeline, or any critical infrastructure operator, to shut down for safety reasons.

Ransomware attacks such as this one, as well as other cyber threats, are on the rise within the infrastructure industry. Smart sensors and communication technologies bundled into various industrial control systems expose infrastructure and organizations to new risks. For instance, a single vulnerable smart sensor connected to the internet can act as a gateway for launching attacks on, or compromising, other critical systems on the same network.

The problem? Most traditional enterprise architectures constrain digital innovation and transformation, leaving a business with decentralized endpoints, inflexible private networks, and an ever-expanding attack surface. We developed a secure access service edge (SASE) platform as a solution to the problems that come with the cumbersome, traditional point-to-point method of networking.

The SASE platform, delivered over a distributed cloud framework, provides security features for all endpoints, users, and edges. Built in is Dispersive’s Virtual Network (DVN), a Zero Trust Network Access (ZTNA) solution that lets organizations be entirely confident that their data, critical applications, and infrastructure are secure.

ZTNA gives businesses complete session protection while removing trust assumptions in cloud deployments, even when the user or device is connecting from a remote network access point. By granting a user access only once it has been explicitly authorized, businesses can prevent unpatched or vulnerable devices from connecting to corporate services.

Dispersive’s SASE solution also enables enterprises to manage network and security policies through a single console, making it easier and more efficient for IT teams and managed service providers to orchestrate, manage, and troubleshoot. This lets critical infrastructure organizations deploy, integrate, and manage new endpoints, apps, and services within an efficient and, more importantly, secure framework.

With the volume of cyberattacks such as the hack on Colonial Pipeline increasing, critical infrastructure providers in the US have no choice but to bolster their defenses against an onslaught of loosely organized criminal hackers—whose disruptive ambitions are only growing.

The U.S. energy sector is growing particularly vulnerable to ransomware attacks as these networks expand their attack surfaces. The increasing digitization of power grid and pipeline equipment means it’s becoming easier for ransomware attackers to find openings and exploit them for profit.

For years, the cybersecurity industry has warned that state-sponsored hackers could shut down large swathes of US energy infrastructure in a geo-politically motivated act of cyberwar. Now, the Colonial Pipeline hack represents one of the largest disruptions of American critical infrastructure by hackers in history and provides yet another example of how urgent it is that we upgrade our cyber-infrastructure.