After having done the analysis for NIST of the Bellingham, WA Olympic Pipeline rupture that killed 3 people, I expected the Colonial Pipeline hack to be an OT incident affecting the SCADA system and potentially causing pipe leaks or pipe ruptures. However, that does not appear to be the issue in this case. Darkside's malware is IT ransomware with data exfiltration capabilities and was not custom-built for ICS attacks. The issues that occurred with the Colonial Pipeline ransomware attack are not unique to pipelines, as the IT/OT convergence is moving critical operational data to IT without the proper controls or visibility. With the hacking of IP networks, there is a need to detect operational changes independent of the OT network, which can be accomplished by monitoring the physics of the process sensors. Control system cybersecurity, and its appropriate integration with IT security, need to be stepped up to prevent ransomware IT hacks from causing physical damage and significant societal upheavals.
URL: The Colonial Pipeline cyberattack – Did IT/OT convergence contribute to the attack