Pipeline Infrastructure: Reducing Cyber Risk
The United States’ pipeline infrastructure, which carries oil, natural gas, and other commodities, is made up of nearly 3 million miles of pipelines. This vital enabler of domestic economic and national security is under constant threat of cyber attack due to its increasing reliance on automation through information technology.
The recent Colonial Pipeline hack may have relied on stolen or purchased account login credentials. The Colonial Pipeline carries about 45% of the fuel used on the East Coast. The hack resulted in a rise in gasoline prices of as much as six cents per gallon.
Pipeline companies and facilities must continually assess their security posture, identify risks and vulnerabilities, and take the measures necessary to mitigate or reduce the threat of breaches or attacks by potential bad actors. Cyber attacks on pipeline systems could result in equipment damage or destruction, operational shutdowns, theft of proprietary information and intellectual property, or impacts on supply and increases in prices for consumers.
There are concrete and effective actions that owners and operators of pipeline infrastructure can take to enhance the security of their infrastructure, equipment, and operations.
- Boundary Protection: Establish secure, segmented networks to prevent unauthorized access and lateral movement by attackers. Separate operational technology (OT) and industrial control systems (ICS) networks from corporate networks. Block all traffic not expressly allowed (deny by default). Restrict traffic to OT/ICS networks to essential functions. Use only dedicated and hardened devices to access OT/ICS environments.
- Monitoring: Capture, monitor, and review all traffic to establish a baseline of normal, acceptable behavior to detect abnormal or malicious activity. Investigate and validate traffic to and from OT/ICS networks. Disable unnecessary services and ports. Monitor traffic and user behavior for abnormal or potentially malicious activity.
- Configuration Management: Implement processes and best practices for setting or changing the configurations of OT/ICS networks and devices. Verify and document all configuration changes through a change approval process. Establish a baseline of approved configurations and expected configuration changes. Periodically review and verify existing configurations and monitor for attempts to change configurations. Verify and perform regular updates and patches to software and firmware for all systems and devices.
- Access Control: Limit access to the OT/ICS environment to only necessary personnel and accounts. Ensure credentials are maintained, updated, and deleted when no longer required. Require strong, complex passwords, account lockout policies, and multi-factor authentication. Restrict permissions to install new applications. Use VPNs/encryption if the use of untrusted networks or remote access is required. Ensure default vendor accounts and passwords are deleted or changed on devices and applications.
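The boundary-protection and monitoring items above amount to one check: every flow touching the OT/ICS segment is compared against an explicit allowlist, and anything unlisted (especially a corporate host reaching into OT) is flagged for investigation. The script below is an added illustration, not part of the original article; the network ranges, ports, allowlist entries, and flow records are constructed for the example.

```python
import ipaddress
from collections import Counter

# Hypothetical segments for a pipeline operator (constructed for this example).
CORPORATE_NET = ipaddress.ip_network("10.10.0.0/16")
OT_NET = ipaddress.ip_network("10.20.0.0/16")

# Explicit allowlist of (src_net, dst_net, dst_port); anything else is denied by default.
ALLOWED_FLOWS = [
    (ipaddress.ip_network("10.20.0.5/32"), OT_NET, 502),   # dedicated jump host -> PLCs (Modbus/TCP)
    (ipaddress.ip_network("10.20.1.0/24"), OT_NET, 502),   # HMI subnet -> PLCs
    (OT_NET, ipaddress.ip_network("10.20.0.10/32"), 514),  # OT devices -> syslog collector
]

def parse_flow(line):
    """Parse a constructed flow record 'src dst dport' into typed fields."""
    src, dst, dport = line.split()
    return ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)

def is_allowed(src, dst, dport):
    """Deny by default: a flow is permitted only if some allowlist entry matches it."""
    return any(src in s and dst in d and dport == p for s, d, p in ALLOWED_FLOWS)

def classify(line):
    """Return 'allowed', 'corp_to_ot' (a boundary crossing) or 'unlisted'."""
    src, dst, dport = parse_flow(line)
    if is_allowed(src, dst, dport):
        return "allowed"
    if src in CORPORATE_NET and dst in OT_NET:
        return "corp_to_ot"
    return "unlisted"

def review(lines):
    """Classify a batch of flow records; everything not 'allowed' needs investigation."""
    findings = [(line, classify(line)) for line in lines]
    return findings, Counter(verdict for _, verdict in findings)

# Constructed sample flow records (src dst dport); not real traffic.
SAMPLE_FLOWS = [
    "10.20.0.5 10.20.3.17 502",    # jump host polling a PLC: allowed
    "10.20.1.12 10.20.3.17 502",   # HMI to PLC: allowed
    "10.20.3.17 10.20.0.10 514",   # PLC to syslog collector: allowed
    "10.10.4.23 10.20.3.17 502",   # corporate workstation straight to a PLC
    "10.20.3.17 10.20.3.18 22",    # SSH between field devices, not on the allowlist
    "10.10.4.23 10.20.0.5 3389",   # corporate host to the OT jump host
]

if __name__ == "__main__":
    findings, summary = review(SAMPLE_FLOWS)
    for line, verdict in findings:
        print(f"{verdict:11s} {line}")
    print(dict(summary))
```

The same allowlist doubles as the documented baseline the configuration-management item calls for, so a change to it should go through the change approval process rather than being edited on the collector.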
While these actions are not comprehensive or all-encompassing, they will lower the level of risk for pipeline infrastructure companies and facilities.