The economic impact wrought by this cyberattack will bring home to government and energy operators the vulnerabilities in critical infrastructure. This is not the first ransomware cyberattack on an oil and gas utility – and it won’t be the last – but it is the most serious. It is also potentially one of the most successful cyberattacks against US critical national infrastructure
Although cyberattacks have typically targeted corporate IT systems, the risk of those jumping across to operational technology (OT) systems has become much more prevalent.
Next week’s RSA cybersecurity conference would typically have discussed the threat to all organizations from ransomware attacks, but the extent and impact of this attack on a US fuel pipeline will make this a keynote issue. The security industry must find a way to help organizations – especially utilities – develop both defensive measures to prevent these attacks and the requisite best practice for responding to them.
