In the aftermath of a cyberattack that shut down America’s largest oil pipeline, we’re seeing gas prices skyrocket. The effects of this terrible ransomware attack have now reverberated to every corner of the economy as we struggle to overcome the recession caused by a global pandemic.
This attack will undoubtedly lead to changes in the way we think about cybersecurity across the oil industry and the measures we enact to promote greater security. With such monumental consequences, preventing ransomware attacks like what occurred in May of 2021 should be the priority of any company aligned with the oil industry.
By exploring the causes and consequences of the Colonial Pipeline ransomware attack, we can better understand how the cybersecurity field will change and what you can do to protect oil pipelines and the millions and millions of consumers that they serve.
The Cybersecurity Issue Explained
In the world of oil pipelines and refineries, we tend not to think of information systems as a high priority. However, the reality is that these assets play an increasing role in managing oil supply so that consumers have a steady and reliable source of the fuel they need. As we become increasingly reliant on technology, the cybersecurity problem for gas and oil refineries, pipelines, and supply chains only becomes greater.
The cyberattack that resulted in the shutdown of all 5,500 miles of the Colonial Pipeline along the east coast of the United States proved the importance of a strong cybersecurity approach. Colonial shut down its systems to contain a ransomware breach when criminal actor DarkSide infected their information systems. The attack came just as travel was gearing up for the first summer of reopening economic conditions after the coronavirus pandemic.
The resulting consequences threaten to boost gas prices above $3 a gallon, impacting already struggling consumers as well as every industry that relies on transportation or oil-based products. In short, nearly everyone is impacted by this cyberattack.
Colonial has stated that a resumption of services will take time. Meanwhile, we look to fuel reserves from Atlanta to New York to sustain consumer needs. But the consequences and implications of this attack will extend far into the future. As governments and watchdog groups look to prevent such a devastating attack from occurring again, we are facing changing regulations, policies, and priorities in the months and years to come.
How the Recent Attack will Change Oil Industry Systems
Long before the 2021 ransomware attack, alarm bells were ringing across the fuel industry. As companies across economic sectors applied greater technology and connected devices on the Internet of Things (IoT), cyberattacks and ransomware prevented real and devastating risks.
Then the COVID-19 pandemic made things worse. With an estimated fivefold increase in cyber attacks, every information system has had to implement policies to remain protected. Typically, this has meant securing systems with expansive cloud data security networks, implementing highly encrypted data structures like blockchain, and keeping employees educated on all the procedures necessary to stave off cyber threats.
These security measures come with a growing awareness of the importance of data protection, which in some regions of the world are already supported by regulation standards. Right now in the US, regulations in terms of data protection are somewhat pieced together. However, many companies already operate within the guidelines of international data security measures, set down by initiatives and regulations in other parts of the world.
With the impacts of ongoing cyber threats, we may expect to see some of these standardized measures come to the oil industry.
Here are some examples of these international standards and what they entail:
- The General Data Protection Regulation (GDPR) is a European Union measure that requires companies to protect data and report breaches within 72 hours.
- The Payment Card Industry Data Security Standard is a globally enacted attempt to reduce credit card fraud by managing secure and regularly tested networks.
- The Global Data Security Initiative is a proposal the Chinese government made to reduce the threat of cyber attacks and espionage.
With regulations like these already in place in certain markets and with more on the way, it is only a matter of time till we see enhance standards across the oil industry. Even before May’s ransomware attack on the Colonial Pipeline, the United States enacted a Pipeline Cybersecurity Initiative (PCI) that provides resources and standards for monitoring pipeline security. Functions of the PCI include:
- Assessing the readiness of pipeline systems to address and prevent cybersecurity threats.
- Developing risk mitigation strategies and applying helpful tools.
- Collaborating with partners and stakeholders to promote enhanced pipeline cybersecurity.
As the awareness spreads of how important pipeline cybersecurity is to every consumer, initiatives like this are likely to become more than just resources but enforced regulations intended to keep businesses and consumers safe. The recent cybersecurity attack will prompt more oversight and regulation of the oil industry as well as new policies for building better cybersecurity infrastructures and educating oil industry workers in digital safety.
Building Better Cybersecurity Infrastructures
Right now, there is a pressing need for skilled cybersecurity workers that can help prevent attacks like this. In the US alone, an estimated 300,000 cybersecurity jobs go unfilled. These range from government positions to openings in the oil and fuel industries.
But building better cybersecurity infrastructures will take all kinds of expert help and techniques. From artificial intelligence technology that can better monitor, predict, and prevent unauthorized access to human beings with the skill set to navigate secure infrastructures, we can promote a safer oil industry.
Despite the 1.87 billion dollars already spent in attempting to mitigate the cyber threats faced by the oil and gas industries, the risks still abound. Without the dedicated professionals and advanced technologies needed to protect our infrastructures, the world faces fuel shortages and the many compounding issues that come with them.
Oil industry professionals can do their part to build better infrastructures by seeking out these professionals, promoting employee training in cybersecurity practices, and advocating for better systems. Understand these threats, then do your best to be part of the solution.
Oil and gas operations are commonly found in remote locations far from company headquarters. Now, it's possible to monitor pump operations, collate and analyze seismic data, and track employees around the world from almost anywhere. Whether employees are in the office or in the field, the internet and related applications enable a greater multidirectional flow of information – and control – than ever before.