The recent ransomware attack on Colonial Pipeline should serve as a glaring reminder of how easily a single cybersecurity incident can cripple a fragile infrastructure. Despite the government’s appeals for drivers to resist panic buying, many gas stations throughout the Southeast were running dry last week. The issue wasn’t a gas shortage, but rather a problem with distribution.
About the Colonial Pipeline Attack: Key Details
Georgia-based Colonial Pipeline provides nearly half of the East Coast’s fuel, with its main pipeline traveling from Houston, TX to Linden, NJ. After the cyber attack was discovered on May 7, Colonial took proactive measures and shut down operations. Details are still emerging about what exactly led to the attack, but it was likely a combination of a few different factors, including poor security practices from users.
The attack has been linked to the ransomware group DarkSide, which first emerged on Russian hacking forums in August 2020. The group claims to be apolitical and motivated only by obtaining money from large companies. It forbids its affiliates from attacking certain industries, such as healthcare, education, the public sector and non-profits.
Colonial Pipeline Attack: Recent Updates
- Colonial Pipeline has resumed operations after the 5-day shutdown but noted that product delivery will still be delayed for several days.
- They have reportedly paid the ransom of almost $5 million in cryptocurrency.
- President Biden signed an executive order on 5/12 which directs the Commerce Department to create new cybersecurity standards for government vendors.
- The Environmental Protection Agency (EPA) issued a fuel waiver on May 11 that remains in effect through May 31. This allows some retailers to sell gasoline that burns dirtier than normally allowed.
- The Department of Transportation (DOT) has also stepped in to help alleviate the distribution problems by considering a temporary waiver of the Jones Act, which prohibits foreign ships from transporting goods between US ports.
3 Tips to Enhance Your Vendor’s Cybersecurity
Although this was a targeted attack, organizations would be wise to brush up on their cybersecurity and vendor due diligence practices to ensure that the proper safeguards are in place to protect against a similar incident. Here are three ways to do this:
- Cybersecurity protocols and procedures: Collect these documents from your third party, and make sure they include the results of testing. This will confirm that the vendor has a process not only to detect incidents, but also to respond to them properly.
- Shared cybersecurity practices: Your vendor should follow any cybersecurity best practices that your organization has in place, while also ensuring that their third parties (your fourth parties) are performing to your standards.
- Include breach notification requirements in your contract: Your requirements and expectations around breach notifications and procedures should be clearly defined in your contract.
Ransomware attacks and other cybersecurity events will always be a part of our interconnected and technology-driven world, but there are ways to protect yourself from becoming a victim. By ensuring that you and your third parties are adhering to these best practices, you can lessen your risk of facing an attack.