CISA Issues Alert on Ransomware Attack on Pipeline Operator

The Cybersecurity and Infrastructure Security Agency on Tuesday issued an alert about a ransomware attack on information and operational technology networks of a natural gas compression facility. 

The Department of Homeland Security’s CISA said the cyber threat actor initially obtained access to the pipeline operator’s IT network using a spearphishing link before infiltrating the OT network and deploying ransomware on both networks. The attack resulted in an operational shutdown for approximately two days and loss of productivity.

CISA also found that the pipeline operator failed to implement segmentation between its OT and IT networks and its emergency response plan did not specifically consider cyber-related risks.

The agency called on asset operators and owners and network administrator to consider operational, planning, architectural and technical mitigation measures using risk-based assessment strategy. These include identifying single points of failure for operational visibility, ensuring that emergency response plans consider cyber incidents, requiring multifactor authentication, updating software and implementing execution prevention through application whitelisting.

Check Also

Marine Corps Operations

Marine Corps Looks to Expand C2, Expeditionary Base Operations

John Garner, program executive officer for land systems at the U.S. Marine Corps (USMC), has said the service branch gears its current acquisition efforts toward expeditionary advance base operations (EABO) and distributed command and control.The Marine Corps is working on a small Common Aviation Command and Control (CAC2) System.