ABS Group provides data-driven risk and reliability solutions and technical services that help clients confirm the safety, integrity, quality and environmental efficiency of critical assets and operations.
ABS Group is focused on adding value to the industries served and strategically capturing synergies with the American Bureau of Shipping (ABS).
1000+ Employees | 20+ Countries | 50 Years
RockCyber, LLC
Questions
• Please allow 1-2 business days for the webinar recording to be posted.
Agenda
01 Colonial Pipeline
03 DarkSide
Colonial Pipeline
• Privately-held Company
  o Owned by several American and foreign companies and investment firms, including Koch Industries and Royal Dutch Shell
  o Located in Alpharetta, GA
  o Has served the East Coast since the 1960s
• Critical Infrastructure
  o Sector: energy, chemical
  o Supplies Gulf Coast oil to the eastern and southern US
  o Transports 2.5MM gasoline, diesel, jet fuel and other refined products
    - 5,500 miles of pipeline
    - 45% of East Coast fuel supply
Chronology of the Attack
Date (2021) / Information Updates

May 6-7: Cyber event took place. Information provided by Colonial Pipeline:
• Incident involved ransomware
• Proactively took certain systems offline to contain the threat
• Temporarily halted all pipeline operations and affected some IT systems
• Company informed that it might have affected the industrial control systems that regulate oil flow

May 8:
• Primary Focus: Safe and efficient restoration of service and efforts to return to normal operation
• Minimize disruption to our customers and supply chain
• Attack under investigation by cybersecurity firm “FireEye Mandiant”

May 10:
• FBI and third-party cybersecurity firms are assisting in the ongoing investigation, response and recovery
• Department of Energy (DoE) and the Cybersecurity and Infrastructure Security Agency (CISA) are also involved
• CISA has named pipeline infrastructure as one of 55 National Critical Functions (NCF)

May 11-12:
• Website down and new website security protocols in place
• Pipeline operations resumed at approximately 5pm ET
• Executive order to improve U.S. cybersecurity signed; President Biden’s Executive Order: “The private sector must adapt to the continuously changing threat environment”

May 14:
• Colonial Pipeline paid DarkSide nearly $5 million in ransom
• Once DarkSide received the payment, the hackers provided a decrypting tool to restore Colonial Pipeline’s disabled computer network
• Although the system is getting back online, analysts say the current gas shortage could last weeks

May 18:
• Colonial Pipeline experienced intermittent network outages throughout the day
• Shippers were unable to make nominations
• Colonial Pipeline explained that hardening efforts caused the networking outages

May 28:
• DHS-TSA released Security Directive Pipeline-2021-01
• Owner/Operators are required to have Cybersecurity Coordinators and must report cybersecurity incidents to CISA within 12 hours
• Vulnerability Assessments are mandatory and due by June 27th
DarkSide
“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined
government and look for other our motives.
Our goal is to make money, and not creating problems for society.
From today we introduce moderation and check each company that our partners want to
encrypt to avoid social consequences in the future.”
• Government Involvement
Federal Bureau of Investigation
Department of Energy
Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA)
Anatomy of the Cyber Attack
• Affiliates are given an administrative panel over The Onion Router (TOR) to:
  o Access communications with victims
  o Manage the administration of malware
• Encourages actors to use Monero cryptocurrency
• Targets Windows Shadow Copy and common backup solutions
• Exfiltrates victim data, threatening to publish it, to pressure the victim into paying the ransom
• Double extortion trend
• Data Encryption
Anatomy of the Cyber Attack
DarkSide
• winrun.exe: ransomware executable, SHA-1 7769cea037ebf692f1d94bab37aaa9d01c5db0dd
Cyber Risk Mitigation
What are the risks?
• Most OT systems take advantage of network connectivity, but increased connectivity exposes your operations to the threat of attack.
• These connections offer more ways to penetrate your defences and more ways to remotely take control of your operations.
• Unfortunately, the more network visibility and control you have, the more that you could potentially surrender to a cyber attacker.
Additional Resources
• MTSA Cyber Workshop: Complying with U.S. Coast Guard Regulations [June 23, 2021 Webinar]
• Cyber Risk Management Advisory for Critical Infrastructure Worldwide [Press Release]
• OT Cybersecurity: How to Evolve Faster Than Cyber Criminals [On-Demand Webinar]
• Episode 13: The Casualties of Cyber War: Exploring the Colonial Pipeline Shutdown
• Episode 12: Cyber in the Supply Chain: When Things Go Wrong
Thank You