CISA Issues Alert on Ransomware Attack on Pipeline Operator

blank

The Cybersecurity and Infrastructure Security Agency on Tuesday issued an alert about a ransomware attack on information and operational technology networks of a natural gas compression facility. 

The Department of Homeland Security’s CISA said the cyber threat actor initially obtained access to the pipeline operator’s IT network using a spearphishing link before infiltrating the OT network and deploying ransomware on both networks. The attack resulted in an operational shutdown for approximately two days and loss of productivity.

CISA also found that the pipeline operator failed to implement segmentation between its OT and IT networks and its emergency response plan did not specifically consider cyber-related risks.

The agency called on asset operators and owners and network administrator to consider operational, planning, architectural and technical mitigation measures using risk-based assessment strategy. These include identifying single points of failure for operational visibility, ensuring that emergency response plans consider cyber incidents, requiring multifactor authentication, updating software and implementing execution prevention through application whitelisting.

You may also be interested in...

Lt. Gen. Shaun Morris

Lt. Gen. Shaun Morris on AFLCMC’s Push for 5G, Digital Engineering Efforts

 Lt. Gen. Shaun Morris, commander of the Air Force Life Cycle Management Center (AFLCMC), said in a recent address that the center has invested significantly in technologies like 5G to help promote efficiency across military bases. “As an Air Force, I think it is important to capitalize off what we’ve done and not lose sight of these investments,” said Morris.