Natural Gas Ransomware Attack Provides Lessons Learned
A natural gas ransomware attack that occurred in February 2020 offers some critical insights that electric utilities can leverage to reduce the odds of being victimized by a similar attack. According to the alert from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) that disclosed the attack, the unnamed gas utility suffered a 2-day shutdown of a compressor station. The ransomware gained access to the station via the company’s industrial control system (ICS).
What Can Electric Utilities Learn from this Latest Natural Gas Ransomware Attack?
ICS are the networks that help run electric grids and enable pipeline operators to optimize pipeline systems, and ransomware attacks that target ICS are becoming more and more common. In this particular instance, access to the network was obtained via a “spearphishing link” (an attack that uses links in emails, rather than email attachments, to download malware onto a network). The result was that the company’s systems could not read critical operational data for 48 hours.
Based on how this went down, industry experts have provided the following lessons learned for electric utilities:
- Critical networks must have the proper segmentation, with chokepoints designed to make it more difficult for malware to spread – the malware spawned by the aforementioned natural gas ransomware attack spread because the company’s network was not segmented (specifically, multiple environments were using a shared Windows operating system).
- Older operating systems need to be upgraded / updated to handle emerging threats.
- Electric utilities need to establish boundaries between their information technology and operations technology environments.
- Electric utilities need to continuously track outgoing communications from ICS to quickly identify anomalies that could be a sign of trouble.
- Utilities need to train employees to recognize and avoid phishing campaigns.
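The IT/OT boundary and outbound-tracking lessons above can be checked against flow logs. The following is an added example, not taken from the CISA alert or this article: the address plan, the egress allowlist and the flow record format are all assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import Counter

# Assumed addressing plan (hypothetical, not from the CISA alert).
OT_NET = ipaddress.ip_network("10.20.0.0/24")   # ICS / OT segment
IT_NET = ipaddress.ip_network("10.10.0.0/16")   # corporate IT segment
# Only these (destination, port) pairs may be reached from OT: the chokepoint.
ALLOWED_EGRESS = {
    (ipaddress.ip_address("10.30.0.5"), 443),   # DMZ historian replica
    (ipaddress.ip_address("10.30.0.10"), 123),  # DMZ NTP server
}

# Constructed sample flow records: "time src dst dport"
SAMPLE_FLOWS = """\
2020-02-01T08:00:01 10.20.0.11 10.20.0.12 502
2020-02-01T08:00:05 10.20.0.11 10.30.0.5 443
2020-02-01T08:01:10 10.20.0.14 10.30.0.10 123
2020-02-01T08:02:30 10.20.0.14 10.10.4.20 445
2020-02-01T08:02:31 10.20.0.14 10.10.4.21 445
2020-02-01T08:03:00 10.20.0.15 203.0.113.50 443
2020-02-01T08:03:30 10.10.4.20 10.10.4.21 445
"""

def classify(src, dst, dport):
    """Return None for traffic we do not alert on, else a finding label."""
    if src not in OT_NET or dst in OT_NET:
        return None                 # intra-OT traffic or a non-OT source
    if (dst, dport) in ALLOWED_EGRESS:
        return None                 # sanctioned path through the chokepoint
    if dst in IT_NET:
        return "ot-to-it"           # IT/OT boundary crossed
    return "ot-to-external"         # anything else leaving the OT segment

def find_anomalies(flow_text):
    findings = []
    for line in filter(str.strip, flow_text.splitlines()):
        ts, src, dst, dport = line.split()
        label = classify(ipaddress.ip_address(src),
                         ipaddress.ip_address(dst), int(dport))
        if label:
            findings.append((ts, src, dst, int(dport), label))
    return findings

def summarize(findings):
    """Count findings per (source host, label); noisiest host first."""
    return Counter((src, label) for _, src, _, _, label in findings).most_common()

if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE_FLOWS):
        print(*finding)
```

Anything flagged here is traffic that bypassed the intended chokepoint, so each finding points at either a missing firewall rule or a host that needs investigation.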
You can read the actual CISA report for all the technical details of the February natural gas ransomware attack, but the bottom line is that utilities in all sectors need to step up their cybersecurity game. Making system upgrades and hiring security experts are the minimum steps necessary to help keep utilities one step ahead of increasingly sophisticated attackers.