The ransomware attack against Colonial Pipeline may be the wake-up call needed to get organizations and policymakers to think about – and do something about – threats against critical infrastructure.
The attack on Colonial Pipeline, which resulted in panic buying and gasoline shortages at gas stations in various parts of the United States, was likely not the first such attack – and it won't be the last, says Justin Fier, director of cyber intelligence and analysis at Darktrace. Organizations are beginning to disclose security incidents and attacks more than they used to, so it is possible other incidents occurred in the past that were never publicly reported.
“We're starting to hear more about these, so I think it's safe to say, 'This has probably happened in the past, but not at this magnitude,'” Fier says.
In this Tech Talk (above), Fier outlines how organizations with industrial control systems in their environments should think about security. Modernization is necessary in operational technology environments, but it introduces security risks that organizations need to address before they are hit by an attack. And they need to be thinking about asset management and visibility in the physical space.
“Having the visibility – being able to spot a rogue engineer or a consultant on the production floor plugging something in that might be beaconing out to another place – is absolutely paramount,” Fier says.
Organizations trying to figure out how to secure their environments should turn to the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency for help, Fier suggests. The agencies have been tackling the challenge head-on by educating people about the threats against industrial control systems and providing guidance on what to secure within those different environments.
“They’re putting out great content almost on a daily and weekly basis, whether it’s warnings and alerts or just simple guidance,” Fier says. “I think that’s a really easy place to start.”
For many people, the attack against Colonial Pipeline was the first time they experienced an event caused by a cyberattack on critical infrastructure. Security experts have been warning for years that an attack on critical infrastructure would have physical-world implications – but it wasn’t until people were searching for gas stations with available fuel that the message finally landed.
“While I don't wish it upon any organization, I'm happy that this has happened and [Colonial Pipeline] has been as transparent as they have been about what happened and what they're doing to fix it,” Fier says.