Sat­ur­day marks ex­act­ly one year since the largest pub­licly dis­closed cy­ber­at­tack against crit­i­cal in­fra­struc­ture in the US took place.

Colo­nial Pipeline was the vic­tim of a ran­somware at­tack.

Colo­nial Pipeline Chief Ex­ec­u­tive Joseph Blount told a US Sen­ate com­mit­tee that the com­pa­ny learned of the at­tack short­ly be­fore 5 am on May 7, when an em­ploy­ee dis­cov­ered a ran­som note on a sys­tem in the IT net­work.

The hack took down the largest fu­el pipeline in the US and led to short­ages across the East Coast.

And in re­sponse, the US gov­ern­ment de­clared a state of emer­gency.

Brett Ramirez of Di­agon Con­sult­ing be­lieves these kinds of at­tacks are some­thing we should be mind­ful of here in T&T.

“This whole cy­ber war­fare can es­ca­late in­to life-threat­en­ing events and peo­ple are not tak­ing note of this,” Ramirez told the Busi­ness Guardian.

Ramirez said he be­lieves that hack­ers may start at­tack­ing the op­er­a­tional tech­nolo­gies (OT) which “in­clude things like wa­ter plants, en­er­gy com­pa­nies, oil and gas, elec­tric­i­ty, and God for­bid nu­clear.”

OT, or op­er­a­tional tech­nol­o­gy, is the prac­tice of us­ing hard­ware and soft­ware to con­trol in­dus­tri­al equip­ment, and it pri­mar­i­ly in­ter­acts with the phys­i­cal world.

“If you are able to get (hack) in­to these plants you could dam­age be­yond be­lief,” Ramirez said.

“If I were to start talk­ing to gov­ern­ments in the re­gion and T&T I would def­i­nite­ly say T&TEC, and WASA, oil and gas (com­pa­nies), you need to get your house in or­der, make sure that your back­ups, your net­work has to be com­plete­ly sev­ered from your IT net­work,” he said.

Ramirez said while plants may not be ac­ces­si­ble through the in­ter­net and pub­lic fo­rums or pub­lic do­mains, what hap­pens is that the com­pa­ny’s IT en­vi­ron­ment does have a web­site and with the gen­e­sis of the COVID-19 pan­dem­ic, more em­ploy­ees start­ed work­ing from home.

Blount told a US Sen­ate com­mit­tee that the Colo­nial Pipeline at­tack oc­curred us­ing a lega­cy vir­tu­al pri­vate net­work (VPN) sys­tem that did not have mul­ti­fac­tor au­then­ti­ca­tion in place.

“In the case of this par­tic­u­lar lega­cy VPN, it on­ly had sin­gle-fac­tor au­then­ti­ca­tion,” Blount said. “It was a com­pli­cat­ed pass­word, I want to be clear on that. It was not a Colo­nial123-type pass­word.”

Ramirez re­ferred to the Petrotrin web­site be­ing hacked some years ago as ev­i­dence that these types of com­pa­nies could be tar­gets.

“It is not a mat­ter of if you are go­ing to get hacked it is about when,” Ramirez said.

But he said this should just be tak­en as an in­cen­tive for com­pa­nies to pre­pare them­selves.

This, he said, is the goal of Di­agon Con­sult­ing.

“We want­ed to sit in the space of not just help­ing com­pa­nies di­ag­nose what their weak­ness­es are and what their ex­po­sures are, we want­ed to help in terms of be­ing able to im­ple­ment. We im­ple­ment cy­ber so­lu­tions that would pre­vent, that would de­tect, and that would re­spond if there is an in­ci­dent,” he said.

Ramirez said with the dig­i­tal trans­for­ma­tion and the thrust tak­ing place with re­gion­al gov­ern­ments and com­pa­nies, there may be huge cy­ber im­pli­ca­tions.

Ramirez said things like ran­somware and oth­er soft cy­ber at­tacks have been around for over 20 years in the re­gion.

“The dif­fer­ence in our re­gion, and I think that this is un­for­tu­nate, is that we do not have the laws that man­date that these things get re­port­ed,” he said.

Ramirez, there­fore, called for the in­tro­duc­tion of leg­is­la­tion to man­date com­pa­nies to re­port cy­ber at­tacks.

“We know for a fact based on what we have seen over the past few years there has been a def­i­nite up­surge in cy­ber ac­tiv­i­ty,” he said.

“We have been deal­ing with ac­tiv­i­ties in T&T where the bad ac­tors have ac­tu­al­ly asked for cryp­tocur­ren­cy,” Ramirez said.

Last week Massy Stores was the tar­get of a cy­ber­se­cu­ri­ty at­tack which led to the tech­ni­cal dif­fi­cul­ties ex­pe­ri­enced at all stores across the coun­try.

Group fi­nan­cial of­fi­cer Ian Chi­napoo said Massy has been work­ing for years on hard­en­ing its cy­ber se­cu­ri­ty and this is in part why the hit on Massy stores was not as bad as it could have been.

He said the is­sue of cy­ber se­cu­ri­ty has been at the fore­front of the au­dit and risk com­mit­tee of the Massy Board and they have em­ployed both lo­cal and for­eign ex­perts to hard­en the com­pa­nies in its group de­fences.

He added that among the mea­sures Massy has un­der­tak­en is pen­e­tra­tion test­ing, where there is an at­tempt to hack the de­fence of its sys­tems, and em­ploy­ee train­ing.

“We have over 12,000 em­ploy­ees so while we con­tin­ue to train, noth­ing is risk-free and noth­ing is full proof.”

Chi­napoo said Massy has seen in­creased at­tacks in the re­gion and con­tin­ues to mon­i­tor those at­tacks and hard­en its de­fences.

The T&T Cy­ber Se­cu­ri­ty In­ci­dent Re­sponse Team (TT-CSIRT) last week re­port­ed that it has ob­served a “sharp in­crease” in ma­li­cious cy­ber ac­tiv­i­ty tar­get­ing lo­cal and re­gion­al en­ti­ties over the past two months.

The TT-CSIRT urged all en­ti­ties (pub­lic and pri­vate) to adopt a height­ened state of aware­ness.

It said that ran­somware, so­cial en­gi­neer­ing (phish­ing) and ma­li­cious in­sid­ers were the top threats to the coun­try.

Speak­ing to the Busi­ness Guardian an­oth­er ex­pert who re­quest­ed anonymi­ty stat­ed that it ap­pears that many of our lo­cal or­gan­i­sa­tions do not place ICT & Cy­ber­se­cu­ri­ty as a pri­or­i­ty in their bud­gets and in­vest­ment pro­file de­spite the shift in the glob­al en­vi­ron­ment to­wards an in­creas­ing­ly in­te­grat­ed dig­i­tal econ­o­my.

“This lack of pri­ori­ti­sa­tion and sub-op­ti­mal in­vest­ment ex­hibits it­self both in qual­i­ty of the tech­nol­o­gy pur­chased as well as the qual­i­ty of the hu­man cap­i­tal re­cruit­ed (in­clud­ing con­sult­ing ad­vice re­ceived).

“Crit­i­cal busi­ness sys­tems re­main un­patched and not up­dat­ed, equip­ment and soft­ware at end of life and there­fore un­sup­port­ed is still in use at cus­tomer fac­ing lev­els and per­haps most crit­i­cal of all, em­ploy­ees, in­clud­ing ex­ec­u­tives are not ex­posed to cy­ber­se­cu­ri­ty readi­ness train­ing/ca­pac­i­ty build­ing ac­tiv­i­ties.

“Al­though up­dat­ed tech­nol­o­gy can help mit­i­gate, many at­tacks orig­i­nate through so­cial en­gi­neer­ing tech­niques, as cy­ber at­tack­ers are very much aware that hu­mans and hu­man be­hav­iour re­main the weak­est link in any or­gan­i­sa­tion,” the source stat­ed.

The ex­pert added that it would be “cat­a­stroph­ic” if or­gan­i­sa­tions do not move to pro­tect them­selves against cy­ber­at­tacks at this time.

“Many of our fi­nan­cial in­sti­tu­tions and large busi­ness or­gan­i­sa­tions have re­gion­al op­er­a­tions and at­tacks do not have to orig­i­nate in T&T to be felt in T&T.

“Ran­somware at­tacks, in par­tic­u­lar, where cus­tomer, em­ploy­ee and oth­er mis­sion crit­i­cal da­ta is en­crypt­ed and lit­er­al­ly ‘held to ran­som’ by at­tack­ers can po­ten­tial­ly crip­ple an en­tire or­gan­i­sa­tion’s re­gion­al op­er­a­tions for weeks while a so­lu­tion is sought.

“We have al­ready seen ev­i­dence of these types of out­ages over the last year or two,” the source stat­ed.