From the TSA to the CISA/FBI to the White House – ransomware is front-of-mind in Washington these days
The recent flood of serious ransomware attacks on industrial and critical infrastructure targets, the latest being the crippling attack on the Colonial Pipeline, has led the US government to turn up the heat on both ransomware attackers and defenders. The past month has seen a wave of new cybersecurity legislation and standards, covering both regulatory oversight and law enforcement, intended to protect clearly exposed assets.
Critical Infrastructure owners are required to act immediately and report back to CISA by June 28th.
The Transportation Security Administration, which oversees, among other facilities and activities, all US pipelines, was the most recent heavy-hitter to weigh in on pipeline cybersecurity. The agency's new security directive, which went into effect on May 28 in response to the Colonial Pipeline attack, contains a string of specific and strict security and reporting requirements for pipeline owners, notably:
Most critically, the TSA is requiring asset owners to conduct a Vulnerability Assessment and report within 30 days of the effective date of the security directive, meaning by June 28th. The assessment must include the status of compliance with IEC 62443 and NIST SP 800-82r2 (referenced in the TSA Security Directive on Pipelines, section 7.4, page 27).
The advisory was issued jointly by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) on May 28th and relates specifically to the Colonial Pipeline attack. The advisory contains a high level of technical detail about the attack's perpetrator, DarkSide, and its Ransomware-as-a-Service operation, as well as specific recommendations for businesses on how to prevent and mitigate the effects of similar ransomware attacks.
Notably, the advisory recommends that organizations reduce the risk of a ransomware attack by:
If they are hit by ransomware, organizations can reduce the risk of severe business or operational impairment by:
Beyond the CISA/FBI advisory and the Executive Order mentioned above, two bills have been recently introduced by US lawmakers to address cybersecurity in US industry and critical infrastructure:
Interestingly, although the Colonial Pipeline attack (like other recent attacks) actually hit IT network systems, the recent directive from the Transportation Security Administration, the recommendations in the FBI/CISA Joint Advisory and President Biden's Executive Order on Improving the Nation's Cybersecurity all address both IT and OT security.
The reason? The US government is essentially confirming what OT security professionals have been claiming for some time: IT and OT security are interdependent (and in many cases convergent), and only a holistic and proactive approach can keep industrial and critical infrastructure secure.
There is a growing realization that securing the Operational Technology networks that control industry and infrastructure demands a different type of OT cybersecurity approach. Both governments and industrial/critical infrastructure operators are becoming aware of the need for attack mitigation tools that were designed and built from the ground up for OT ecosystems, with operational processes and business continuity as their number one priority.
OTORIO offers an automated Security Assessment, OTORIO Spotlight. The Security Assessment is a short yet powerful offline process with zero interference to your operational environment. Data from your systems is collected and analyzed using automated tools provided by OTORIO. The end result is a comprehensive view of risks, exposures and vulnerabilities, along with a clear and feasible risk mitigation plan, all prioritized according to the potential impact of each risk on your business. The Spotlight risk assessment can dramatically speed up the process of addressing the new TSA Directive requirements, under which Critical Infrastructure owners are required to act immediately and report back to CISA by June 28th.