Ransomware Attack Shuts Down Natural Gas Compression Plant
A natural gas compression plant was hit by a ransomware attack that forced it to shut down for two days, according to a Feb. 18, 2020, alert from the U.S. Department of Homeland Security (DHS). The attacker was able to access the plant’s IT network, and then move to its operational technology (OT) network. DHS’s Cybersecurity and Infrastructure Security Agency (CISA) said a lack of network segmentation allowed the attacker to cross the IT / OT boundary.
Companies in the energy sector have become a popular target for hackers. Many of these organizations are using older technology to connect computer networks to equipment, leaving refineries, pipelines and chemical plants vulnerable to attack.
Cybersecurity issues have become more prevalent with the rise of the high-tech oilfield, where data is constantly being collected from wellheads, pipelines, mechanical systems and other equipment. This data is automatically transmitted to operations centers, where it is monitored, managed, measured and tracked. Using real-time analytics, energy companies can:
- Optimize operations and productivity
- Prevent unplanned outages caused by equipment malfunctions and failure
- Reduce operating costs
- Improve safety.
Convergence of IT and OT Increases Risk
The convergence of IT and OT into a shared infrastructure has also increased the risk of a security breach. Legacy supervisory control and data acquisition (SCADA) equipment that lacks modern security controls offers thousands of points of entry into the network. In addition, OT environments are increasingly connected to the public Internet, making it more difficult to monitor for malicious activity, identify vulnerabilities and protect critical assets.
According to a recent report from the Ponemon Institute, organizations in the energy sector that connect IT and OT systems are more vulnerable to cyberattacks. More than half (56 percent) of organizations surveyed reported at least one shutdown or operational data loss per year, and 54 percent expect an attack on critical infrastructure in the next 12 months. All said that a cyberattack has the potential to cause severe financial, environmental and infrastructure damage.
Employees Don't Have the Cybersecurity Expertise
But it’s not just equipment in the field that is threatened. A spike in ransomware attacks during the past few years has organizations scrambling to train employees about phishing threats and implement formal response procedures. This was one of the security gaps that affected the natural gas compression plant. The company had not built cyber risk into its emergency response plan or given employees the expertise needed to deal with cyberattacks.
In the alert, CISA listed steps energy companies should take to mitigate cyber risks. Planning and operational mitigations include incident response plans with testing and exercises to ensure that employees know what to do. CISA also recommended a wide range of security controls, including network segmentation, multifactor authentication and content filtering.
A Lucky Ending
The natural gas compression plant was lucky. The ransomware attack compromised Windows-based systems on both IT and OT networks, but the company never lost control of its operations. Operators were unable to access some OT data, and the company instituted a two-day controlled shutdown to facilitate recovery.
It could have been much worse, and a more serious attack could happen at any time. In our next post, we’ll explain how network segmentation could have prevented any compromise of operational resources, and other security controls energy companies should have in place.