"US Gas Pipeline Shut Down Due to Ransomware"

A US gas pipeline operator has been hit with ransomware, encrypting data on its information technology (IT) and operational technology (OT) networks. The ransomware impacted human-machine interfaces (HMIs), data historians, and polling servers. As a result, the affected natural gas compression facility temporarily shut down. According to an advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), the cyberattack appeared to have started with a spearphishing attack. Failure to implement effective network segmentation increased the success of the attack. CISA has advised asset owner-operators across all critical infrastructure sectors to learn from the mistakes discovered in the investigation of this incident. Operators are also encouraged to implement mitigations such as using multi-factor authentication for remote access to networks, adding cybersecurity to safety training programs, and more, in order to avoid falling victim to such attacks. This article continues to discuss the cyberattack on the US gas pipeline, what mitigations should be applied by asset owner-operators in all sectors, and current efforts to help pipeline operators bolster their cybersecurity posture. 

Help Net Security reports "US Gas Pipeline Shut Down Due to Ransomware"