Ransomware Threats to Critical Infrastructure: Insights from the Colonial Pipeline Attack - SANS Emergency Webcast

During the presentation, Tim Conway highlighted that over 30 similar outages on the Colonial Pipeline have occurred over the past 20 years due to storms, ruptures, or mechanical impacts. The current pipeline disruption is the first cyber-related shutdown that has occurred. Tim continued, “None of those 30 events bubbled up to a national level response at the scale we are currently seeing with the current cyber attack.” “If you are an organization, don’t point to your IT incident response plan and assume it’s good… look towards OT specific IR plans.” - Tim Conway As ransomware attacks continue to impact organizations around the world, and with recent events like the colonial pipeline impacts, we are seeing more and more attacks that have an adjacent or direct impact on Operational Technology environments. As ransomware attacks continue to rise, how should companies think about the cyber to physical impacts to their OT environments? Organizations responsible for operating and maintaining critical infrastructure environments need to consider the steps they should be pursuing right now before a potential attack occurs, establish and implement procedures on how or if they should operate their systems during an attack, and what actions need to be taken after an attack. Tim Conway & Jeff Shearer will discuss how organizations responsible for operating & maintaining critical infrastructure environments need to consider the following: - Steps to pursue before a potential attack - Procedures to implement during an attack - Actions necessary to take after an attack SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center.