Essay: Cyber Attacks Plague Online Operations - A Case Study.

The evolution of technology and its impact on human efforts

Technology has been evolving with time and it would not be wrong to say that the evolution of technology is decreasing the efforts of human beings. It can also be witnessed that technology has made human life comfortable as new technologies can easily perform human work. The development has been phenomenal and it would not be wrong to say that the technology change has brought a big change in human lives. Computers are now doing humanitarian work and it can be noticed that now they don’t need a lot of humanitarian assistance as their work has improved with time. But one of the things which have increased with time is the cyber attacks. Cyber attacks can be termed as an unauthorized invasion of some outsiders to control technology illegally (Rid and Buchanan, 2015). It has been seen that maximum companies in the world are running through some sort of software or technology. The working mode is completely online and there is hardly anything offline. But now things have changed in such a manner that these illegal invaders are trying to gain control of the software or technology illegally. The main purpose of the cyber attackers is to ask for ransom price or hack the secret and important data of the organization. One of the biggest cyber attacks took place in the United States of America where attackers shut down the pipeline. It can b said that how can a pipeline be hacked but it was noticed that pipeline was running online and hackers got into the systems and hacked it and stopped the flow of oil. This was termed as one of the biggest cyber attacks on a platform that is not considered to be a place where attackers can hack the system. This report will talk about how Cyber attacks took place and what can be the possible ways to enter the systems. This report will demonstrate the understanding regarding how such cyber attacks can be prevented. It will also include the organization for security plan and how security monitoring system can help in avoiding such issues.

The hack on the Colonial pipeline is considered to be one of the biggest attacks on national infrastructure in history. This pipeline contains oil for many states and it was seen that the east coast was supplied fuel through this pipeline. The major worry which was witnessed was that if the pipeline is stopped for a long time then it can cause a surge in fuel prices and that can trouble a large group of people (Hobbs, 2021). It would not be wrong to say that this can bring issues in the country as price hikes in fuels can bring anger among people. Colonial pipeline is one of the pipelines in the world which runs with the help of technology and there is no role of humans in running the pipeline. So that means, when the attack is done then there are no chances for the human labour to continue the flow of fuels because the whole system of fuel flow was run on technology. Hackers somehow got into the system of the company and finally, they were able to hack the system. Hacking the system here means controlling the flow of fuel. They stopped the flow of fuel and the company confirmed the same on May 7^th that their systems are hacked and this can be regarded as one of the toughest phases for the company as they were trying to recapture the controls of the pipeline (Bingle and Schaeffer, 2021). It can be said that technology can be dangerous as well when it gets into the wrong hands and that can trouble the lives of the people. Computer data hacks and bank hacks are now common as cyber attacks can get into the system. But hack of the pipeline is something that is first of its kind. Colonial Pipeline Company also tried to get back their system but they failed in regaining the control.

The rise of cyber attacks and its threat to national infrastructure

One of the things which were noticed was that this attack was well planned and carried out as they knew that this pipeline is much needed for the east coast. The hackers were also aware of the issues which will be created after this hack of the pipeline. Colonial Pipeline Company is considered to be one of the big names in the pipeline sector and getting in their system and hacking is a big thing. Hackers were looking out for ransom as they knew the company will b paying them as the halt in the fuel flow is troubling the company and they would pay anything to get their controls back (Parson and Killian, 2021). The worse part of a cyber attack is that it takes a lot of time to get back the system online as there is a big amount of damage done by the hackers. Over the years, it has been noticed that these hackers have made it tough for companies to regain control without fulfilling their demands. Fuel is considered to be a necessary thing for the people of the 21^st century and hacking that means cutting a major part of the lives of the people. It was noticed that when there is the connectivity of technology then there is the risk of cyber attack. Pipeline technology was connected with Colonial Company's internal network and that is why the vulnerability over the pipeline is there. It would not be wrong to say that vulnerability increases when the internal system is entirely connected. It has been noticed that when a hacker gets into the internal system then there is nothing that can be saved from the hacker. A breach in the internal system is turning out to major concern for humans in the 21^st century.  

Figure 1- Pipeline Network of Colonial Company

In this report, it will be witnessed that how Security Breach in Colonial Pipeline Company took place. It will also be noticed which laws were breached due to the cyber attack on Colonial Pipeline Company. Discussion regarding how one can able to prevent such attacks will be done. It will also include the security practices that can minimize or prevent the re-occurrence of such attacks.

The first section of the report will talk about the way through which the Colonial Pipeline Company security was breached. The second section of the report will talk about the review of security-related issues. The third section will talk about how security can be improved and make sure that there would not be any similar future attacks. 

It has been witnessed that the Colonial Pipeline Company network was inter-connected. In simple words, it can be said that getting into the network of Colonial Pipeline Company was an easy thing. That is why it is said that interconnection of the network should not exist because it makes work easier for the hackers to gain control of the entire system. It was noticed that this hack started with an Email. Email is considered to be the easiest way of getting into the systems as it has been noticed that the hackers put some malware in the links in the Email (Ford, 2021). So the hackers might have tricked one of the employees by sending an Email containing malware and that might have started the damage. It would not be wrong to say that getting into the system is possible when there is some sort of breach in the system. Employees of the company are logged in to the systems and when they click on such Emails containing malware then it is easy to get into the system. Slowly and gradually, starts taking down the whole system and controls the entire system. The malware-based attack has been termed as the most probable way of hackers getting into the systems of Colonial Pipeline Company.

The Colonial Pipeline hack – a case study

Malware has turned out to be a major tool for hackers as it has been noticed that it is software that is designed in such a way that it destroys and damages computer systems (Ronen et al., 2018). It is also meant to capture important data from someone's computer or leak some sort of private information. It can be said that it allows hackers to have unauthorized control of someone's system to cause damage. A company employee might not be even aware of the malware in the Email as detecting Email is not an easy thing. Malware-based cyber-attack has become quite common as it is one of the simplest ways to breach anyone's security and cause damage to privacy (Or-Meir et al., 2019). In simpler words, Malware can be defined as a virus that causes a lot of damage that self-replicates by inserting its code into other programs. It can be said that this malware issue is quite common in cyber attacks because it is not easy to detect and it causes a large amount of damage as well.

There is another way through which hackers might have got into the systems of Colonial Pipeline Company and that is by using weaknesses of third-party software. It is a known fact that there is third-party software in the Colonial Pipeline Company system as third-party software is used for running many functions. It can be said that hackers also try to get into the system through third-party software. It is considered to be an easier way for hackers to get into the system by finding the weakness of third-party software (Mendoza, 2017). It is a known fact that there are not enough securities enforced by third-party software as they are more inclined towards working for the clients. It has been noticed that this is another way of getting into the system of Colonial Pipeline Company. Colonial Pipeline Company system is having the third party and that is why there is a cloud of doubts revolving around the third party.

After a few days, the FBI confirmed that it was a group called DarkSide who hacked into the system of Colonial Pipeline Company. They are a new group of hackers who are more into asking ransom ware from Russia. They even posted the message about getting into the systems and they asked for the ransom ware. They also posted a message that their major purpose was to make some money and not to cause damage to any individuals (Oxford Analytica, 2021). It can be said that this was of cyber attack has become as the hackers are now looking forward to gaining money by hacking into big profile company's internal system.

It has been seen that in the last few years, the risk revolving around companies has increased. All the companies that are having their system online are now in the vulnerable zone. It has been witnessed that threats and attacks on an online system have increased a lot and it can be said that gaining unauthorized access to company software has become quite a common thing as it is easy to get into the systems when the system is completely online.  Threats are now common as it is more about the risk of the system getting into the wrong hands and which can create a vast amount of damage as well (Rathore et al., 2017). According to ENISA, there are few threats to the information system which can cause damage. These are a few of the ways through which one can get into the system of a company and can cause damage to the information system of the company. They are considered to be the common way of breaching into the data of a company and they are the major signs of worry for the companies as they have to plan out the security plans for these threats.  

Understanding the breach and the consequences

Figure 2 - Common Threats in 2020

These threats are turning out to be major worries for the company and it has been noticed that now companies are trying to employ some tactics which can counter the issues. Recent data breaches around the world also show that malware has turned out to be a common way of an entrance data breach (Alguliyev, Imamverdiyev and Sukhostat, 2018). It has also been witnessed that now many issues are revolving around the online systems of the company. The breaching of data has become common as hackers are finding some way or another for getting into the systems of the company. It has also been witnessed that these threats are becoming too common and even in the data breach in a system; these threats were witnessed as one of the mediums of hacking. It can be said that now companies need to be aware of the issues arising from cyber attacks.

Many agencies started to look into this cyber breach and the main reason which made companies look into this attack was that it was the first of its kind security breach and no one witnessed such a breach earlier. A pipeline breach can be termed as the direct breach of the infrastructure of the company and it can be termed as one of the ways through which hackers can get into the infrastructure of a company. The worse part of this attack was that it controlled one of the essentials which are required to have a proper life. Different national and international security agencies started to probe into this cyber attack and it was the FBI who was able to find out the mind behind this offense (Sparkes, 2021). The worse part of such attacks is that it is too tough to track down the invaders because they use the network which is switching from one country to another. It makes tough for the agencies to track hackers. Colonial Pipeline Company was done from Russia and FBI informed the same. But to date, the masterminds, behind this offense are not known as security agencies are still trying their best to find the ones who were behind this criminal offense. This can be termed as a criminal offense because due to their act many requirements were halted and hence causing trouble to the human race. It was seen that such attacks are not so common and hence it took time for the agencies to begin their investigation. It would not be wrong to say that such attacks have now started and altogether a different types of attacks which can be expected in future.

It was seen that Colonial Pipeline Company paid the ransom amount to the hackers after several hours of the shutdown of the pipelines. It was witnessed that the company was under immense pressure as the pipeline was the main part of their working and there were many angry investors putting pressure on the company. It was also witnessed that they paid a big amount of $4.4 million or 75 bitcoin (Ford, 2021). They paid the amount with the help of the FBI and the Department of Justice also confirmed that the ransom amount was paid. It has been seen that whenever a big company is under pressure due to a cyber attack then they have a lot of internal and external pressure. Stakeholders of the company are the one who plays an important part in such a situation because they are the one who decides the next step of the company in such a situation. It was noticed that the Colonial Pipeline Company was under a lot of pressure as the investors were not happy with the attacks as the company name was in news due to bad reasons. It would not be wrong to say that this attack can be termed as the most disruptive attack on US cyber board. 

Preventing future attacks – review of security-related issues and best practices

Figure 3 - Data Breach in different Sectors

Figure 3, shows that there has been increase in data breaches in every sector in last few years and this can be termed as a major issue. However, many experts said that this attack would not put USA infrastructure in the vulnerable zone as it is not an easy thing to get into the information system of the companies. But it can be said that this incident has changed one thing and that is people's way of thinking about this issue which took place in Colonial Pipeline Company (Reeder and Hall, 2021). Now there is a need to understand that security has to be improvised to make sure that there are no such attacks in the upcoming future.

There is a need to upgrade the security level in Colonial Pipeline Company so that future attempt to hack down the pipeline system is minimized. There are a few things that can be applied in the Colonial Pipeline Company working system.

One of the experts commented that such incidents can be prevented by making the system offline (Tidy, 2021). The offline system cannot be hacked and that is why it is necessary to have such a system. The pipeline system is one of the systems which can be run on an offline mode like it used to run a few decades ago.  But in the era of technology, running a system on an offline basis looks quite outdated as it will include men labour and this is something that companies try to avoid. It is one of the things which are not possible due to dependency on technology. So making the system completely offline is not possible. But one thing that can be done is to implement partial offline mode as the partial offline mode will make sure that there is some sort of backup with the company. In terms of such hacking, the offline model can turn out to be the saviour. It has been noticed that hackers can get access to online procedures but they will not be able to get into the offline control. This will make sure that the fuel flow cannot be hampered by any hacker.

It is important to implement the latest technologies in the systems of Colonial Pipeline Company so that the security breach is not easily done. Upgrade of IT systems is termed as one of the ways to counter the issue of hacking as it has been noticed that it is not easy to get into the system when there is regular modernization of IT systems (Stanislav and Beardsley, 2015). It is more like changing the pattern of security and that makes it quite impossible for the hackers. That is why it is said that the companies should not let the security system turn old. The old system is the one that is quite vulnerable to hackers as it has been seen that recent hacks have been possible when the security system is too old.

Configuration Management has turned out to be a major way of protecting the security of the information system of a company. This is one of the urgent things which can be done by the company to increase security levels against any kind of cyber attack (Linsbauer, 2016). It has been noticed that configuration management is that involves adjusting the default setting of the information system to increase security. This allows the security team to detect an early breach and helps in countering the issue of hack which can be done. There is a need for implementing some tools with help in detecting the unauthorized invasion done to the information system.

It has been noticed that there for modernization in IT systems of Colonial Pipeline Company as it will help them in maintaining the latest technological assistance which is available. It has been seen that the latest IT systems will have the company in maintaining security (Jain and Chana, 2015). Regular modernization of IT systems also helps in monitoring the security system of Colonial Pipeline Company. It can be said that regular monitoring of the security system always helps in finding out the fault which might be there in the system. It has also been seen that the latest technologies also help in detecting the malware which might exist in the system and that is quite helpful for Colonial Pipeline Company. It will also alert them in case of any sort of malware attack in their systems in the coming years.

It has also been noticed that there is a need to train the employees of Colonial Pipeline Company. It will help them understand the issues which can be there while they are working on the system. Training should include understanding the malware issues. This is one of the common ways to get into an organization system that is why it is necessary to train the employees so they can understand the threat which can come through a normal Email (Pattinson et al., 2018). It is also important to detect the changes which are there in the system when someone is trying to get into the system. It helps in detecting and reporting such cases of hack within no time.

It is also important to implement a security policy plan which might prove to be effective during the time of the hack. It has been noticed that are a few things that should be included in the Security plan which will help the Colonial Pipeline Company.

Colonial Pipeline Company needs to assign some new roles and responsibilities to people so that they can work towards improving the security of the company system. Roles and Responsibilities can be planned out for better results and it can be done with the help of the ISACA framework (Gashgari, Walters and Wills, 2017).    

Figure 4 -Roles and Responsibilities

It is important to have a good risk assessment plan so that one can have an idea about the security level when there is some sort of cyber attacks taking place. It helps in understanding the amount of damage which could be caused during a cyber attack (Ryu et al., 2017). It is important to understand the potential impact which can be caused during the attack. According to the same, the company can prepare itself for an attack. 

Figure 5 - Risk Assessment Steps 

It is important to have a proper risk control plan as this helps in avoiding damage done to the system by hackers. This is more like a strategy that can help in controlling the damage and decreasing the threats. Colonial Pipeline Company needs to implement a good strategy regarding risk control so that there could be no future attack like the last one. It will also help in minimizing the damage done by the hackers.

Conclusion

Based on the discussions, it can be summarized that the cyber attack on Colonial Pipeline Company was a new type of attack. It has been discussed that Malware was used to get into the systems of the organization and later that helped in stopping the flow of the fuel. It can be said that malware and some other types of threats are now coming in information technology. Recently data breach has been increased and that is an alarming concern. There is a need for organizations like Colonial Pipeline Company to upgrade their security level so that their system is not easy to hack. It has been seen that there is a need to regularly implement some latest technology changes so that there is proper security provided to the company information system. There is a need for the implementation of a Security plan so that future attacks on Colonial Pipeline Company can be minimized and that is something that has become necessary for all the organizations that are running online systems. 

References

Alguliyev, R., Imamverdiyev, Y. and Sukhostat, L., 2018. Cyber-physical systems and their security issues. Computers in Industry, 100, pp.212-223.

Bingle, Y. and Schaeffer, D., 2021, October. Should the private sector conduct “hack back” operations against cyberattackers? An ethical dilemma: cyber self-defense or cyber vigilante?. In 2021 IEEE International Symposium on Technology and Society (ISTAS) (pp. 1-1). IEEE.

Ford, E.W., 2021. Cyber Ransom in the Information Age: A Call to Arms Against the Hackers. Journal of Healthcare Management, 66(4), pp.243-245.

Gashgari, G., Walters, R.J. and Wills, G.B., 2017, April. A Proposed Best-practice Framework for Information Security Governance. In IoTBDS (pp. 295-301).

Hobbs, A., 2021. The Colonial Pipeline Hack: Exposing Vulnerabilities in US Cybersecurity.

Jain, S. and Chana, I., 2015, September. Modernization of legacy systems: A generalised roadmap. In Proceedings of the Sixth International Conference on Computer and Communication Technology 2015 (pp. 62-67).

Linsbauer, L., 2016, May. A variability aware configuration management and revision control platform. In 2016 IEEE/ACM 38th International Conference on Software Engineering Companion (ICSE-C) (pp. 803-806). IEEE.

Mendoza, E.R., 2017. Network Investigation Techniques: Government Hacking and the Need for Adjustment in the Third-Party Doctrine. . Mary's LJ, 49, p.237.

Or-Meir, O., Nissim, N., Elovici, Y. and Rokach, L., 2019. Dynamic malware analysis in the modern era—A state of the art survey. ACM Computing Surveys (CSUR), 52(5), pp.1-48.

Oxford Analytica, 2021. Efforts to curb ransomware crimes face limits. Emerald Expert Briefings, (oxan-db).

Parson, K. and Killian, E., 2021. A Hack a Day—Can Insurance Keep the Resulting Losses Away?.

Pattinson, M.R., Butavicius, M.A., Ciccarello, B., Lillie, M., Parsons, K., Calic, D. and McCormac, A., 2018, September. Adapting Cyber-Security Training to Your Employees. In HAISA (pp. 67-79).

Rathore, S., Sharma, P.K., Loia, V., Jeong, Y.S. and Park, J.H., 2017. Social network security: Issues, challenges, threats, and solutions. Information sciences, 421, pp.43-69.

Reeder, J.R. and Hall, T., 2021. Cybersecurity’s Pearl Harbor Moment. The Cyber Defense Review, 6(3), pp.15-40.

Rid, T. and Buchanan, B., 2015. Attributing cyber attacks. Journal of Strategic Studies, 38(1-2), pp.4-37.

Ronen, R., Radu, M., Feuerstein, C., Yom-Tov, E. and Ahmadi, M., 2018. Microsoft malware classification challenge. arXiv preprint arXiv:1802.10135.

Ryu, J., Yoon, E.J., Park, C., Lee, D.K. and Jeon, S.W., 2017. A flood risk assessment model for companies and criteria for governmental decision-making to minimize hazards. Sustainability, 9(11), p.2005.

Sparkes, M., 2021. How do we solve the problem of ransomware?.

Stanislav, M. and Beardsley, T., 2015. Hacking iot: A case study on baby monitor exposures and vulnerabilities. Rapid7 Report.

Tidy, J., 2021. Colonial hack: How did cyber-attackers shut off pipeline?. [online] BBC News. Available at: <https://www.bbc.com/news/technology-57063636> [Accessed 7 January 2022].