Ransomware Attack Shuts Down Major Fuel Pipeline; PE Firms Advised To Enhance Protections
A ransomware attack has led to the shutdown of the Colonial Pipeline, the largest fuel pipeline in the U.S. The Colonial Gas pipeline supplies gasoline, jet fuel, and other products to the eastern and southern U.S., providing 45% of the East Coast supply of fuel.
As relayed by Colonial Gas on May 8, the privately-owned company suffered a ransomware attack. While the details of the attack are unclear to this point, attackers targeted key Colonial information and operation technology systems, encrypted data that has impacted overall operations, and demanded ransom to decrypt their data.
As reported, the attack is currently being investigated by the F.B.I., the U.S. Department of Energy, and the White House, as well as by a third-party cybersecurity firm.
The attack has been attributed to the Russian DarkSide criminal group, and at present is not being viewed as a state-sponsored attack. In an attempt to curb the impact of attacks by adversaries and criminal organizations, the Biden Administration is planning on launching an executive action designed to strengthen cybersecurity systems crucial to intelligence apparatus and critical infrastructure.
While reserve fuel supplies are present, Colonial announced today that they do not expect operations to return before the end of this week, raising the risk of supply issues reverberating throughout our economy.
The Colonial Pipeline ransomware attack is a stark reminder of just how vulnerable companies are to attacks, the impact these attacks can have on operations and on the supply chain, and the importance of prioritizing cybersecurity risk management.
Segregate key networks using demilitarized zones (DMZs)
Maintain offline backups
Perform risk assessments and network penetration testing
Review incident response plans
Enhance phishing prevention training efforts
The attack likewise necessitates a call to action for private equity (PE) firms in relation to the cybersecurity risk management of their portfolio companies (portcos).
PE firms in general, and especially those with portfolio companies in the energy and infrastructure sector, are advised to:
- Recognize that criminals are increasingly targeting PE firms considering the likelihood of ransomware payment, due to:
- The perception that companies held by private equity investors have the resources to pay off huge demands
- The perception that cybersecurity operations at portfolio companies are lean due to high profit goals
- PE hesitancy to expose details of attacks for fear of devaluing portco holdings
- The ease of locating and linking portfolio companies to PE firms due to disclosure requirements
Involve the board and senior management in planning and advancing portfolio-wide cybersecurity efforts.
Implement systems to monitor cyber risk on a portfolio-wide basis.
Implement recommendations for cybersecurity enhancement, including penetration testing, network segregation, risk assessments, incident response planning, patch management, and implementing multi-factor authentication for all remote access points.
Firms investing in energy should ensure that cybersecurity is heightened at particularly vulnerable targets of the energy sector (e.g., segmentation/isolation of supervisory control and data acquisition (SCADA) services).
How we help
ACA Aponix® offers the following solutions that can help your firm protect itself in relation to this and similar cybersecurity warnings, and to enhance its cybersecurity in general:
- Risk assessments and regulatory compliance testing services
- Threat intelligence, phishing testing and monitoring
- Operational resilience and governance
Download our PortCo Defend™ portfolio company cybersecurity solution brochure.
If you have any questions, please contact your ACA Aponix consultant or contact us below.