The cybersecurity threatscape has traditionally centred on data-centric attacks: attempts to steal or corrupt digital assets. That landscape has since grown more intricate and more dangerous. The convergence of Information Technology (IT) and Operational Technology (OT) has blurred lines of defence that once separated business networks from the systems that run physical processes.
Previously, OT systems, which control tangible, physical processes, sat behind an 'air gap' that kept them largely insulated from network-borne threats (though never immune: removable media and vendor laptops crossed that gap long before networks did). With today's integration between IT and OT, that protective gap has faded [1]. Add the rapid growth of Industrial Internet of Things (IIoT) devices, many of them network-connected by design, and you have a recipe for an expanded attack surface, particularly for industrial organisations. A breach at these points can cause not just data leaks but disruption of physical operations, with consequences ranging from production hiccups to dangerous machinery malfunctions.
Such vulnerabilities are no longer a matter of mere data breaches. When OT assets are targeted, the aftermath can manifest as disastrous real-world outcomes. In the transportation sector, compromised signalling or control systems could lead to train collisions or malfunctioning barriers. In the oil and gas industry, think of tank overflows or hazardous material spills.
Underscoring this perilous landscape, the "2022 ICS/OT Cybersecurity Year in Review" report by Dragos records a 27% year-on-year increase in vulnerabilities disclosed for industrial control systems (ICS) and OT [2]. That tally of 2,170 CVEs signals the escalating cyber threats that industries such as mining, utilities, and transportation now grapple with. A CVE count measures disclosed exposure rather than active exploitation, but it is a fair proxy for how much attack surface defenders in these sectors must now track and patch.
But it is not just about vulnerabilities. Active threats make this landscape even more daunting. The recently leaked "Vulkan files", which document collaboration between NTC Vulkan and the Russian Ministry of Defense, stand testament to this: they describe cyber tooling aimed at destabilising key sectors such as rail and petrochemicals. Meanwhile, threat groups such as BENTONITE, active since 2021, have turned their focus to the maritime oil and natural gas sectors, among others. Such groups, while varied in their capabilities, present a clear and present danger.
TSA's Reinforced Stance on Pipeline Cybersecurity: What's New?
As threats loom, proactive responses are crucial. In line with this, the USA's Transportation Security Administration (TSA) has issued updated security directives aimed at fortifying the cybersecurity of oil and gas pipelines. TSA Administrator David Pekoske, citing collaboration with federal agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Transportation, emphasised the agency's commitment to robust cybersecurity measures.
In a statement from July 2023, Pekoske said, "Our ongoing collaboration with the transportation sector underscores our commitment to enhancing cybersecurity resilience and safeguarding our nation's critical infrastructure."
These revamped directives have their roots in the directives first issued in 2021, which, after a review in 2022, were strengthened based on input from key stakeholders. They underscore the pressing need for improved cybersecurity measures, a need painfully highlighted by the May 2021 ransomware attack on the Colonial Pipeline Company: the ransomware hit the company's IT systems, yet Colonial shut down pipeline operations as a precaution, a textbook case of an IT compromise producing an OT outage.