May 2022, Vol. 249, No. 5

Guest Commentary

Securing Pipeline Endpoints Against Rising Global Threats

By Philippe Herve, Vice President of Energy, SparkCognition  

As Ukrainians fight to hold the line against heavy shelling and missile strikes, Russia is being admonished by Ukraine’s international supporters. Moscow promises to cause as much disruption as possible to its detractors with a full-on cyber retaliation. It has already taken preliminary actions against the U.S. banking system with assaults on technological infrastructure that began after the sanctions over Ukraine were announced.

Other key industries are also under threat as Russia attempts to disrupt crucial infrastructure. The oil and gas industry is on high alert, particularly with pipelines being key enablers of U.S. economic and national security.

Historically, Russian-sponsored cyber criminals have used rudimentary yet effective methods to access target networks, including spear-phishing, credential harvesting, brute force/password spray techniques, and known vulnerability exploitation against accounts and networks with weak security.   

By taking advantage of simple passwords, unpatched systems and unsuspecting employees to gain initial access, they would move laterally through the network unencumbered to establish persistence and exfiltrate data.

Cyberattacks continue to rise and they have become far more complex, driven by digital transformation. Pipeline and energy operators at large have increased reliance on the integration of information and communication technologies (ICT) into information technology (IT) and operational technology (OT) to drive automation.   

These technologies work well in communicating across vast geographic spaces using long-distance telecommunication infrastructure, but they expose vulnerabilities to nefarious cyber actors who look for access to OT by first breaching the IT system and then “jumping” to the OT system.

The Transportation Security Administration (TSA) is responsible for the oversight of physical and cybersecurity on all operational pipelines in the U.S. Over the last few months, TSA issued two security directives requiring pipeline and energy operators to implement several urgently needed security measures to protect against cyber intrusions.

The second directive provided explicit agency recommendations for pipeline industry security practices, including implementing security measures to protect against cyberattacks, the development of cybersecurity contingency and recovery plans, and conducting cybersecurity architecture design reviews.   

The Department of Energy (DOE) recently released a warning to the energy sector to proactively prepare for the “highest possible level” of Russian cyberattacks. New malware has surfaced that is linked to Russian-backed Advanced Persistent Threat (APT) groups, a faction already known to have led previous attacks on the energy and finance sectors.

The U.S. Senate is so convinced of imminent cyber threats that it passed a cybersecurity package this month that would require companies to report damaging hacks and ransomware payments to the Infrastructure Security Agency within 72 hours of a breach. This legislation is now with the House.

All western companies should be in a heightened state of preparedness now, but yesterday’s security best practices are not comprehensive or technologically astute enough to protect against the newest cyber threats. There are no blueprints for avoiding the newest digital invasions.   

Pipeline ‘Intelligence’   

The digitalization of OT assets opens a Pandora’s box of vulnerabilities for pipeline companies, including zero-day and never-before-seen attacks. Of the successful endpoint attacks in 2019, analyst firm Ponemon Institute reports that 80% were zero-day attacks. This is a troubling figure for pipeline companies relying on outdated cybersecurity measures.

In 2012, then-U.S. Defense Secretary Leon E. Panetta warned that the United States could be the victim of a “cyber-Pearl Harbor.” More than ever before, cyberattacks pose a significant risk to infrastructure, and traditional OT security models are not equipped to cope with novel, zero-day cyberattacks. Until recently, there has been no security available for new or aging endpoints.

As pipeline companies continue to merge OT and IT environments, it will take advanced cybersecurity solutions and strategies to ward off advanced criminal groups posing an imminent threat. In response to this unprecedented challenge, artificial intelligence (AI)-enabled cybersecurity products have emerged to mitigate breach risk and improve security posture efficiently and effectively.

AI and machine learning (ML) are the critical technologies that can quickly analyze millions of events and data points and identify threats, including, but not limited to, risky behavior that might lead to a phishing attack, the download of malicious code, and the presence of malware that could exploit zero-day vulnerabilities.

The technologies also learn over time, building profiles on users, assets and networks based on historic behavior, then drawing on that information to detect and respond to anomalies without impacting the user experience.  

These technologies can also leverage big data analytics and the power of machine learning to detect and prevent never-before-seen attacks like ransomware, trojans, crypto miners and in-memory exploits.

Pipeline owners are well advised to look for a security product that integrates easily into existing security stacks and agents so it can operate seamlessly in the background of endpoints running Windows, Linux, or Mac OS to improve overall enterprise security posture.  

Author: Philippe Herve is the vice president of Energy at SparkCognition and is a multilingual executive with U.S. and international success in operations, technology, business development, marketing, sales and client relations. He started working with artificial intelligence in 1985. Herve holds multiple patents for the use of ultrasonic energy in well inspections and has written many technical papers.
