U.S. pipeline cyber attack holds lessons for Canada, experts say
Ransomware attack on Colonial Pipeline highlights most likely vectors of intrusion.
Hackers were able to seize control of computer systems for the Colonial Pipeline, locking access and demanding a ransom to release them. Partial service was restored manually late Monday but a full recovery isn’t expected to be complete until the weekend.
TC Energy and Enbridge, both based in Calgary, say they regularly take precautions including technology and training to protect their operations from cyberattacks.
Vivek Gupta, who heads BDO Canada’s cybersecurity practice, says pipelines have always been targets for cyberattacks because of the potential for a high payout.
“Having said that,” he adds, “this is a one-of-a-kind attack from a scale perspective. It’s the biggest pipeline attack, from what I can tell, in at least 20 to 25 years.”
He says organizations are usually aware that ransomware, which was used in the Colonial Pipeline attack, can shut down their operations but often don’t take full precautions.
“It’s unfortunate that an event like this is what sort of wakes a lot of people up,” says Gupta.
Gupta and other cybersecurity experts say a common way for hackers to penetrate security is to trick employees through emails or texts that allow disruptive software into corporate systems.
A Proofpoint survey of 1,400 chief information security officers from 14 countries found that email fraud was identified as the top cybersecurity problem for the Canadian CISOs.
Other problems cited by the Canadian respondents to the first-quarter survey were the use of unauthorized devices or software, as well as weak passwords.
Proofpoint spokeswoman Lucia Milica says human error was cited as the biggest vulnerability by 51 per cent of the Canadian cybersecurity chiefs.
Robert Falzon, a Canadian spokesman for Check Point, says companies can also create a security gap when they turn to remote servers or cloud email services from Microsoft or Google.
He says problems can arise if those companies don’t also update their existing authentication systems that keep a central record of usernames, passwords and other identification data.
“Hackers know what they’re doing. They’re attacking the weakest point, which are these legacy systems,” Falzon says.
The U.S. Federal Bureau of Investigation said that a group called DarkSide was behind the ransom attack. Colonial Pipeline has said little about how it fell victim to the attack.
Statements from TC Energy Corp. and Enbridge Inc. didn’t refer to any details of the attack on Colonial Pipeline, which delivers about 45 per cent of the gasoline used along the U.S. East Coast.
TC Energy says it has “a well-developed cybersecurity program which we continue to advance and innovate to protect our data, systems and assets.”
And Enbridge Inc. says it has “invested significantly in cybersecurity through the years,” and tests and monitors its systems regularly.
Neither company addressed specific details about the attack on Colonial.
A large part of the Colonial pipeline service resumed operations on Monday, and authorities say there’s no gasoline shortage, but panic buying has contributed to more than 1,000 filling stations running out of fuel, The Associated Press reported Wednesday.
The FBI said Monday it had confirmed that DarkSide ransomware was responsible for the Colonial shutdown – indicating it was the work of an organized crime operation.