Learnings from the Colonial Pipeline cyberattack: focus on the 98% of attacks, not the 2%!

By Jamison Utter
May 13, 2021

For many years, the focus on securing OT environments has been on the imminent danger of a cyberattack on critical infrastructure, in other words, SCADA/ICS attacks. Most of the concern has been about nation-state actors like China, North Korea, Iran and Russia directly attacking and destroying our infrastructure.

It’s not just a Hollywood movie plot after all. It’s happened in real life. As documented in Zero Days, Stuxnet was developed by Israel and the United States to sabotage the Iranian nuclear program in 2010. Stuxnet made its way onto a private network via a pen drive and injected malicious code onto the PLCs (programmable logic controllers) used to automate the nuclear grid’s processes. Many organizations have used this Stuxnet FUD to promote the potential of SCADA/ICS attacks causing debilitating impact: disrupting our water supply, shutting down electricity or collapsing our stock market.

However, in a recent research endeavor, I examined cyberattacks on OT over the last year (specifically in the manufacturing sector, but the findings apply generally) and found this: 98% of the attacks examined were everyday ransomware or other attacks typically fielded by enterprises. They were not specialized, targeted ICS/SCADA attacks.

[Chart: breakdown of the OT attacks examined, showing that 98% were everyday ransomware and other generic enterprise attacks rather than ICS/SCADA-specific attacks]

*Statistics compiled from the IBM X-Force 2020 Threat Intelligence Index and the Dragos Manufacturing Sector Threat Perspective 2020

This does not in any way discount the danger of an attack to our critical infrastructure. What this research shows is that the main focus for securing OT environments needs to start with the IT (and IoT) environments. Most global energy companies and many other industrial enterprises are as large as many service providers. They have massive investment in IT infrastructure, backhaul bandwidth, and IT staff. Because of digital transformation, OT systems on the factory floor need to talk to IT systems (and IoT devices) in the carpeted area. That connectivity is essential to drive efficiencies, pinpoint competitive advantages, and optimize uptime. That same connectivity is what adversaries will take advantage of to compromise systems.

This was the case with Colonial Pipeline.

Energy and oil and gas companies like Colonial Pipeline typically adopt an “air gapped” security architecture with physical separation to prevent disruptions and to enable cyber resiliency. However, this is a case where a simple ransomware attack compromised the network in such a way that Colonial Pipeline found it necessary to shut down 5,550 miles of pipeline as a precautionary measure. This shows that physical separation and “air gapped” networks designed to protect the physical controls depend on IT systems that are ALSO integral to operations.

This is what I observed with other manufacturing/OT network attacks in my research. In the 98% of attacks that were non-SCADA/ICS, there were failures in risk identification (risk to operations), failures in identifying what is a ‘mission critical system’ and failures in following best practices to protect against common attacks. In many cases, the IT systems were impacted by an attack like ransomware while the OT systems were unaffected, and production could have continued. However, with IT systems down, billing, accounting, logistics, and other operational components critical to service delivery were impacted, thereby halting all production (i.e., an OT outage caused by IT). This means we need to change our perspective that OT is "super-critical infrastructure" while IT is more of the "nice to have back-office stuff." Both OT and IT security are equally important.

Cyber-Resiliency and the Converged IT/OT Environment

The sentiment of “Segment and Disconnect OT” just isn’t viable anymore in the age of digital transformation. CISOs and CIOs should take the Colonial Pipeline cyberattack learnings to build a business case and plan to secure their converged IT and OT environments, with the following best practices:

1. Make risk assessment a holistic exercise. Risk assessment needs to become a holistic exercise in which the risk to availability is part of the equation. The ‘what if’ question needs to be applied universally, not just to traditional operational technology but also to IT systems.

2. Identify security solutions that work across domains (IT, IoT, OT and beyond). To build resilience across the entire organization, the security solution protecting this converged environment needs to span the carpeted space and OT, with a distinct ability to interact with traditional IT switches and firewalls. Gartner calls these “multifunction security platforms” in its recent Market Guide on OT Security.

3. You can't secure what you can't see. An effective security strategy must begin with a complete accounting of every connected device and real-time visibility into device behavior and risks. It's critical to continuously monitor device behavior and baseline their communications to identify malicious behavior and lateral movement. It is also important to be able to automate policies that limit devices to only the access required for their role, i.e., Zero Trust least-privilege access.
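To make the third practice concrete, here is an added Python example (written for this article; it is not Ordr's product code or the author's own tooling). It builds a per-device communication baseline from flow records, then flags observed flows that deviate from it: a device not in the inventory, a known device talking to a new peer or port, an IT-zone device reaching into the OT zone, and a fan-out pattern (one device opening connections to several new internal hosts) that is characteristic of lateral movement. It also derives a least-privilege allow-list from the baseline. All flow records and addresses are constructed sample data, and the assumption that 10.10.0.0/16 is the OT zone is an assumption of the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumption for this example: the OT (factory-floor) zone lives in 10.10.0.0/16;
# everything else is treated as the IT ("carpeted") zone.
OT_ZONE = ip_network("10.10.0.0/16")


@dataclass(frozen=True)
class Flow:
    ts: int      # timestamp (arbitrary units in the sample data)
    src: str     # source address
    dst: str     # destination address
    dport: int   # destination port
    proto: str   # transport protocol


# Constructed baseline window: HMI and historian poll a PLC over Modbus/TCP,
# billing talks to its database, a workstation uses a file server and billing app.
BASELINE_FLOWS = [
    Flow(1, "10.10.1.10", "10.10.1.5", 502, "tcp"),   # HMI -> PLC
    Flow(2, "10.10.1.20", "10.10.1.5", 502, "tcp"),   # historian -> PLC
    Flow(3, "10.0.5.8", "10.0.5.9", 1433, "tcp"),     # billing app -> ERP DB
    Flow(4, "10.0.2.15", "10.0.2.50", 445, "tcp"),    # workstation -> file server
    Flow(5, "10.0.2.15", "10.0.5.8", 443, "tcp"),     # workstation -> billing app
]

# Constructed observation window: the workstation starts sweeping SMB on new
# hosts, then reaches the PLC; an uninventoried device appears on the network.
OBSERVED_FLOWS = [
    Flow(100, "10.10.1.10", "10.10.1.5", 502, "tcp"),  # normal
    Flow(101, "10.0.2.15", "10.0.2.50", 445, "tcp"),   # normal
    Flow(102, "10.0.2.15", "10.0.2.51", 445, "tcp"),   # new peer
    Flow(103, "10.0.2.15", "10.0.2.52", 445, "tcp"),   # new peer
    Flow(104, "10.0.2.15", "10.0.2.53", 445, "tcp"),   # new peer -> fan-out
    Flow(105, "10.0.2.15", "10.10.1.5", 502, "tcp"),   # IT device reaching OT
    Flow(106, "10.0.9.99", "10.0.2.50", 445, "tcp"),   # device not in inventory
]


def zone(addr):
    """Classify an address as OT or IT by the assumed zone range."""
    return "OT" if ip_address(addr) in OT_ZONE else "IT"


def build_baseline(flows):
    """Map each source device to the set of (dst, dport, proto) it normally uses."""
    baseline = defaultdict(set)
    for f in flows:
        baseline[f.src].add((f.dst, f.dport, f.proto))
    return dict(baseline)


def detect_deviations(baseline, flows, fanout_threshold=3):
    """Return (reason, flow) alerts for flows that deviate from the baseline.

    A device that contacts `fanout_threshold` distinct new peers in the window
    additionally raises a single lateral-movement alert.
    """
    alerts = []
    new_peers = defaultdict(set)
    for f in sorted(flows, key=lambda x: x.ts):
        if f.src not in baseline:
            alerts.append(("unknown_device", f))
            continue
        if (f.dst, f.dport, f.proto) in baseline[f.src]:
            continue  # within the learned behavior for this device
        if zone(f.src) == "IT" and zone(f.dst) == "OT":
            alerts.append(("cross_zone_to_ot", f))
        else:
            alerts.append(("new_peer_or_port", f))
        new_peers[f.src].add(f.dst)
        if len(new_peers[f.src]) == fanout_threshold:
            alerts.append(("lateral_movement_fanout", f))
    return alerts


def policy_from_baseline(baseline):
    """Derive a least-privilege allow-list: only learned flows, then deny all."""
    rules = []
    for src, peers in sorted(baseline.items()):
        for dst, dport, proto in sorted(peers):
            rules.append(f"allow {src} -> {dst} {proto}/{dport}")
    rules.append("deny any -> any")
    return rules


if __name__ == "__main__":
    base = build_baseline(BASELINE_FLOWS)
    for reason, flow in detect_deviations(base, OBSERVED_FLOWS):
        print(f"{reason:24} {flow.src} -> {flow.dst} {flow.proto}/{flow.dport}")
    print("\n".join(policy_from_baseline(base)))
```

In a real deployment the baseline would be learned from switch or firewall flow telemetry over a long enough window to cover maintenance cycles, and the generated allow-list would be pushed to the IT switches and firewalls the second practice refers to, so that the policy limiting each device to its role is enforced rather than merely observed.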

Organizations must take responsibility now for knowing what is connected to their networks, and take the steps necessary to secure every device (IT, IoT and OT) on their networks. For more best practices on ransomware, check out Ordr CISO Jeff Horne’s blog here.

KEYWORDS: critical infrastructure cyber security information security ransomware risk management


Jamison Utter is Senior Director of Product and Solutions Evangelism at Ordr. He brings 25+ years of IT/Security experience spanning large organizations like Sprint, SUN Microsystems and Palo Alto Networks where he led the OT/IoT business development unit and startups like Infoblox where he was the security evangelist for many years. His deep desire to understand a customer’s internal and external problem set make him an empathic speaker and his experience in many roles spanning sales, channel, BD, and evangelism make him a capable and competent industry visionary. With hundreds of public speaking engagements including the EU congress at the Hague and a special briefing for Homeland Security and select members of the US Senate, he has addressed CISOs and legislators alike. He lives a thousand feet above Denver, Colorado with his wife Sarah and dog Sookie. Jamison is an avid martial artist, nature enthusiast, and freemason.
