Lessons for companies in the Middle East from the Colonial Pipeline hack

The recent ransomware attack on Colonial Pipeline in the US offers a sharp reminder of how critical national infrastructure remains a highly prized and targeted sector for hackers, despite there having been a lull in such attacks in the Middle East in recent years.


In the case of Colonial Pipeline, the ransomware attack resulted in significant disruption to the pipeline’s delivery of gasoline, diesel, and jet fuel, triggering real-world impacts including fuel shortages at the pump, increased fuel prices, and the requirement for some airlines to rearrange refuelling operations.

While victims are often advised by cyber security experts not to settle ransoms, it is believed Colonial Pipeline did pay the Russia-linked DarkSide criminal hacking group up to US$ 5 million to regain control of its digital network and systems.

Given the growing digitisation of what was previously a heavily analogue-based industry, critical national infrastructure organisations, and specifically oil and gas companies, need to better understand their risk profile before any mitigation can begin in earnest. This involves understanding their assets, the full range of threats they may face, and their vulnerabilities. The first stage, understanding assets, is often one of the most difficult for energy companies, which tend to have assets dispersed throughout their businesses.

Vulnerabilities may arise from several different areas including technology, processes, and people. The latter should never be overlooked as a threat: for companies that employ thousands of people, vetting and control systems are vital to prevent either malicious action or carelessness. Once the cyber security function of the company has a firm handle on its risk profile, it can then move to take appropriate mitigation measures. What is required to mitigate this ever-present and growing cyber threat is proactivity. Cyber resilience, as distinct from cyber security, refers to the ability to proactively detect, respond to, and recover from a cyber incident in a timely fashion, while suffering as little disruption to operations as possible. To achieve this, organisations need to establish and communicate policies and procedures related to their cyber security protocols, keeping them up-to-date, and ensuring staff are aware of and abide by them.
