The Colonial Pipeline cyberattack by DarkSide demonstrated the vulnerabilities and effects of these incidents on industrial organizations worldwide. We see more and more concern regarding similar attacks and how organizations could approach and prepare adequate cyber defense and incident response plans for similar cyber incidents.
Last week Tim Conway & Jeff Shearer from SANS ICS and SCADA programs conducted an Emergency Webcast on Ransoming Critical Infrastructure. During the session, Tim Conway highlighted that over 30 similar outages on the Colonial Pipeline have occurred over the past 20 years due to storms, ruptures, or mechanical impacts. The current pipeline disruption is the first cyber-related shutdown that has occurred. Tim continued, None of those 30 events bubbled up to a national level response at the scale we are currently seeing with the current cyber attack. Details on the archived webcast are provided below.
As a follow-on initiative, SANS is pleased to be collaborating with the NZ ICS NZ Cyber Technical Network for a panel discussion on the Colonial Pipeline event, talking about what this means to the NZ industrial security community:
Date and Time: Tuesday 18th May 2021, 10:00-11:00 NZST / 08:00 0900 AEST
Hosted by Peter Jackson, Engineering Manager Cyber, SGS ECL and Instructor ICS515, SANS ICS (NZ)
Robert M Lee, CEO/Founder, Dragos and Course Author ICS515, SANS ICS (US)
Michael Hoffman, Principal Industrial Consultant, Dragos and Instructor ICS612, SANS ICS (US)
Fran Gomez, ex-Mercury, Senior Technical Account Manager, Dragos (NZ)