Saturday marks exactly one year since the largest publicly disclosed cyberattack against critical infrastructure in the US took place.
Colonial Pipeline was the victim of a ransomware attack.
Colonial Pipeline Chief Executive Joseph Blount told a US Senate committee that the company learned of the attack shortly before 5 am on May 7, when an employee discovered a ransom note on a system in the IT network.
The hack took down the largest fuel pipeline in the US and led to shortages across the East Coast.
And in response, the US government declared a state of emergency.
Brett Ramirez of Diagon Consulting believes these kinds of attacks are something we should be mindful of here in T&T.
“This whole cyber warfare can escalate into life-threatening events and people are not taking note of this,” Ramirez told the Business Guardian.
Ramirez said he believes that hackers may start attacking the operational technologies (OT) which “include things like water plants, energy companies, oil and gas, electricity, and God forbid nuclear.”
OT, or operational technology, is the practice of using hardware and software to control industrial equipment, and it primarily interacts with the physical world.
“If you are able to get (hack) into these plants you could damage beyond belief,” Ramirez said.
“If I were to start talking to governments in the region and T&T I would definitely say T&TEC, and WASA, oil and gas (companies), you need to get your house in order, make sure that your backups, your network has to be completely severed from your IT network,” he said.
Ramirez said that while plants may not be accessible through the internet, public forums or public domains, the company’s IT environment does have a website, and with the onset of the COVID-19 pandemic more employees started working from home.
Blount told a US Senate committee that the Colonial Pipeline attack occurred using a legacy virtual private network (VPN) system that did not have multifactor authentication in place.
“In the case of this particular legacy VPN, it only had single-factor authentication,” Blount said. “It was a complicated password, I want to be clear on that. It was not a Colonial123-type password.”
Ramirez referred to the Petrotrin website being hacked some years ago as evidence that these types of companies could be targets.
“It is not a matter of if you are going to get hacked, it is about when,” Ramirez said.
But he said this should just be taken as an incentive for companies to prepare themselves.
This, he said, is the goal of Diagon Consulting.
“We wanted to sit in the space of not just helping companies diagnose what their weaknesses are and what their exposures are, we wanted to help in terms of being able to implement. We implement cyber solutions that would prevent, that would detect, and that would respond if there is an incident,” he said.
Ramirez said with the digital transformation and the thrust taking place with regional governments and companies, there may be huge cyber implications.
Ramirez said things like ransomware and other soft cyber attacks have been around for over 20 years in the region.
“The difference in our region, and I think that this is unfortunate, is that we do not have the laws that mandate that these things get reported,” he said.
Ramirez, therefore, called for the introduction of legislation to mandate companies to report cyber attacks.
“We know for a fact based on what we have seen over the past few years there has been a definite upsurge in cyber activity,” he said.
“We have been dealing with activities in T&T where the bad actors have actually asked for cryptocurrency,” Ramirez said.
Last week Massy Stores was the target of a cybersecurity attack which led to the technical difficulties experienced at all stores across the country.
Group financial officer Ian Chinapoo said Massy has been working for years on hardening its cyber security and this is in part why the hit on Massy Stores was not as bad as it could have been.
He said the issue of cyber security has been at the forefront of the audit and risk committee of the Massy Board, and they have employed both local and foreign experts to harden the defences of the companies in its group.
He added that among the measures Massy has undertaken is penetration testing, where there is an attempt to hack the defence of its systems, and employee training.
“We have over 12,000 employees so while we continue to train, nothing is risk-free and nothing is foolproof.”
Chinapoo said Massy has seen increased attacks in the region and continues to monitor those attacks and harden its defences.
The T&T Cyber Security Incident Response Team (TT-CSIRT) last week reported that it has observed a “sharp increase” in malicious cyber activity targeting local and regional entities over the past two months.
The TT-CSIRT urged all entities (public and private) to adopt a heightened state of awareness.
It said that ransomware, social engineering (phishing) and malicious insiders were the top threats to the country.
Speaking to the Business Guardian, another expert, who requested anonymity, stated that it appears that many of our local organisations do not place ICT & Cybersecurity as a priority in their budgets and investment profile despite the shift in the global environment towards an increasingly integrated digital economy.
“This lack of prioritisation and sub-optimal investment exhibits itself both in quality of the technology purchased as well as the quality of the human capital recruited (including consulting advice received).
“Critical business systems remain unpatched and not updated, equipment and software at end of life and therefore unsupported is still in use at customer-facing levels and, perhaps most critical of all, employees, including executives, are not exposed to cybersecurity readiness training/capacity building activities.
“Although updated technology can help mitigate, many attacks originate through social engineering techniques, as cyber attackers are very much aware that humans and human behaviour remain the weakest link in any organisation,” the source stated.
The expert added that it would be “catastrophic” if organisations do not move to protect themselves against cyberattacks at this time.
“Many of our financial institutions and large business organisations have regional operations and attacks do not have to originate in T&T to be felt in T&T.
“Ransomware attacks, in particular, where customer, employee and other mission critical data is encrypted and literally ‘held to ransom’ by attackers can potentially cripple an entire organisation’s regional operations for weeks while a solution is sought.
“We have already seen evidence of these types of outages over the last year or two,” the source stated.