Skip to Content

Tales from the “DarkSide”

Tales from the “DarkSide”

“Tales from the Darkside” was a horror anthology series that aired in the 1980s. But what is going on today is not some made-up fiction, it is real life. And like the cult favorite show, and the cybercriminal group that references the show’s title, it is downright scary. We just experienced the largest cyberattack against U.S. critical infrastructure in our nation’s history.

I will say this again – the largest cyberattack against U.S. critical infrastructure in our nation’s history!

Last week’s egregious ransomware attack on Colonial Pipeline, which operates the country’s largest fuel pipeline – delivering an estimated 45 percent of fuel consumed on the East Coast – should be a wakeup call to the entire security industry, the corporate world, the federal government and the Biden administration to take a preemptive strike and protect all areas of our country’s critical infrastructure so that cybersecurity vulnerability is eradicated.

How could this devastating cyberattack, this attack on U.S. critical infrastructure, happen in the first place? The Federal Bureau of Investigations (FBI) confirmed earlier this week that DarkSide, a ransomware gang of cybercriminals, was the group responsible for attacking Colonial Pipeline’s IT systems.

DarkSide claimed on its website that its cyber attack was not specifically intended to attack the nation’s critical infrastructure, but rather, it was financially motivated. “Our goal is to make money, and not creating problems for society,” said the group on its blog.

As a group that is profit driven in nature, targeting large corporations for ransomware attacks, DarkSide may claim that it does not intend to attack what is vital to all of us -  hospitals, government institutions, schools, just to name a few – but that begs the question, why would this group target a company that offers a service considered essential to our infrastructure?

Regardless of what the intent was, it happened, and now we must address this question – How do we respond?

Let’s go straight to the top – the White House announced this week that the Biden Administration has launched an ‘all-of-government” effort to address the Colonial Pipeline incident.

In response to the Colonial Pipeline cyberattack, the White House has convened an interagency response group consisting of the Department of Justice (including the FBI), the Department of Homeland Security (DHS) including the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Energy (DOE), the Department of Defense (DOD), the Department of Transportation (DOT), the Department of the Treasury, the Federal Energy Regulatory Commission, the Environmental Protection Agency (EPA), and the White House Office of Management and Budget,” the statement read. “The group regularly meets to assess the attack’s impacts on fuel supply and U.S. energy markets and assess policy options.”

In addition, the federal response offered guidance on securing critical infrastructure. 

“The FBI recently released a FLASH alert for critical infrastructure owners and operators with indicators of compromise and mitigation measures if infected,” the statement said. “The FBI has identified the ransomware as the Darkside variant, a ransomware as a service variant, where criminal affiliates conduct attacks and then share the proceeds with the ransomware developers. This alert will help other critical infrastructure owners and operators respond swiftly if they are targeted in future attacks.

“CISA, in partnership with DOE, is also communicating with industry to provide guidance on securing critical infrastructure, sharing details about the ransomware attack, and discussing recommended measures to mitigate further incidents. And, the Administration is working to help private sector companies like Colonial enhance their cybersecurity through the Industrial Control Systems Cybersecurity initiative, a collaborative effort between DOE, CISA, and the electricity industry to strengthen cybersecurity standards.”

Why did it take a cyberattack of this magnitude to get the wheels in motion in Washington, D.C.? Shouldn’t security measures have already been in place to ensure that ransomware or any other act of cyber criminality would be prevented, especially an attack that was an absolute gut punch to our country’s critical infrastructure?

Antoinette King, PSP, Key Account Manager, Axis Communications, noted that security must be considered to ensure that our nation’s critical infrastructure is protected.

“Protecting critical infrastructure has always been a top priority in the U.S.,” she said. “The challenge lies in the increased reliance on digital/network connectedness. When operational technology systems are designed for functionality without considering security in the design process, disaster is always looming on the horizon." 

Pierre Bourgeix, chief technology officer and founder of ESI Convergent, noted that a more collaborative approach to security would help protect our critical infrastructure. 

"Attacks on critical infrastructure have ramped up for the last few years and unfortunately it's only going to get worse," he said. "Protecting operating systems as part of a more converged security approach that incorporates IT, OT, and PS is going to be required. If you are in a regulated industry, being compliant will never result in better security, and security alone will not make you compliant. Proper governance and strong policies and procedures that are adhered to will help. Remember the nation state syndicates and ransomware hackers are looking at every angle to make your day a bad one."

Bert Rankin, COO, Zentry Security, also stressed the important of cybersecurity protection for critical infrastructure providers.

“Every major infrastructure provider—from energy to transportation to water systems and healthcare and more—should be equipped or retrofitted with the zero trust security controls that both empower employees and contractors to do their jobs more securely, and that provide much greater protection of critical infrastructure,” he said.

The aftermath of the Colonial Pipeline incident comes at the same time as an important cybersecurity certification that was announced this week.

The Security Industry Association (SIA) announced the creation of the Security Industry Cybersecurity Certification (SICC), a new industry credential developed by SIA with support from PSA Security Network and Security Specifiers and the first-ever certification focused specifically on cybersecurity and physical security convergence.  

This landmark certification is designed for security industry professionals and assesses and validates the core competencies these individuals must possess to effectively perform roles involving key facets of cybersecurity.

With cybersecurity awareness at its absolute height on the heels of the Colonial Pipeline incident, the SICC program is a critical step in the fight against cybercrime.  

The vulnerabilities in U.S. critical infrastructure were in full view when Colonial Pipeline was victimized. On the heels of Solar Winds and Verkada, Colonial Pipeline was just the icing on the cake in terms of why securing critical infrastructure in our country is exactly that, critical.

Comments

To comment on this post, please log in to your account or set up an account now.