Friday, November 22, 2024

Critical infrastructure continues under threat, as hackers strike at Port of Seattle and Halliburton oilfield

Port officials reported on Saturday that the Port of Seattle, which encompasses Seattle-Tacoma International Airport, is facing outages potentially due to a cyberattack. These outages are affecting the Internet and web-based systems. The latest attack comes close on the heels of the CrowdStrike outage that paralyzed air travel and was quickly followed by outages at Amazon and Microsoft. Last week, Halliburton revealed that a cyberattack compelled it to shut down some of its systems.

“The Port of Seattle, including SEA Airport, is experiencing an internet and web systems outage, which is impacting some systems at the airport,” according to a message posted on X, formerly Twitter. “Passengers are encouraged to check with their airlines for the latest information for their flights.”

The Port isolated critical systems and is working to restore full service, but does not have an estimated time for return. “System outages continue at the Port of Seattle, including at SEA airport. Port teams continue to make progress on returning systems to normal operations, but there is not an estimated time for return.”

Just last week, Halliburton, a global provider of energy industry services, announced that a cyberattack compelled it to shut down some of its systems. These recent cyberattacks are yet another wake-up call for the critical infrastructure industry. Such breaches involve unauthorized access by third parties, often leading to operational disruptions, system shutdowns, and the activation of incident response plans.

“On August 21, 2024, Halliburton Company (the “Company”) became aware that an unauthorized third party gained access to certain of its systems,” according to a filing with the U.S. Securities and Exchange Commission (SEC). “When the Company learned of the issue, the Company activated its cybersecurity response plan and launched an investigation internally with the support of external advisors to assess and remediate the unauthorized activity. The Company’s response efforts included proactively taking certain systems offline to help protect them and notifying law enforcement. The company’s ongoing investigation and response include restoration of its systems and assessment of materiality.”

Additionally, the company is communicating with its customers and other stakeholders. “The company is following its process-based safety standards for ongoing operations under the Halliburton Management System, and is working to identify any effects of the incident.”

“Organizations in the oil & gas sector are a critical dependency for so many other sectors of the U.S. and world economy, such as aviation, transportation, and power generation,” Grant Geyer, chief strategy officer at Claroty, wrote in an emailed statement. “As we saw with the Colonial Pipeline incident, a cyber attack against an oil & gas pipeline had the impact of fuel shortages and dramatic and sudden price increases, even though the operational technology that controls the flow of fuel wasn’t directly impacted.”  

Geyer added that if an organization can’t positively assert that the physical equipment hasn’t been affected by hackers, they may have to halt operations to limit the potential damage of a cyber attack. “This is precisely why we’ve seen so much focus from the U.S. government on cyber legislation and regulation—to drive action to mitigate cyber risk to critical infrastructure in the nation that could impact national security, economic security, and public safety.”

Roman Arutyunov, co-founder and senior vice president of product at Xage Security, said that the alleged cyberattack on Halliburton, the second-largest oil service company in the U.S., underscores the urgent need to strengthen U.S. infrastructure against increasingly sophisticated cyber adversaries. “Securing our infrastructure is not just about protecting individual companies; it’s about safeguarding the fabric of our society, economy, and global supply chain.”

Arutyunov wrote in an emailed statement that “our critical infrastructure have outsized impacts on everyday people. They can have environmental and safety risks. They can also disrupt everyday life – as we saw with the most recent high-profile attack in oil & gas – the Colonial Pipeline attack of 2021. They also hurt the economy, which in turn, hurts us all. With regulations, oil & gas has made leaps to be more secure (other industries can not boast 3 years between major attacks), but there’s a lot of work still left to do.” 

“Many companies still rely on outdated cybersecurity measures. All critical infrastructure operators must adopt zero trust cybersecurity solutions, as this model has become essential in the fight against evolving threats,” according to Arutyunov. “Zero trust emphasizes robust authentication, continuous monitoring, and least privilege access, ensuring that every user and device is thoroughly verified and every access request is meticulously scrutinized. By embracing this approach, organizations like Halliburton can significantly bolster their cyber defenses, reduce risks, and safeguard their critical systems and data from potential breaches.”

Marco Ayala, president of InfraGard Houston Members Alliance, told the Houston Bureau Journal that the attack demonstrated how vulnerable companies’ technology can be to cyber threats.

“Even industry leaders like Halliburton, despite their cyber maturity, can be vulnerable to encryption malware. It’s reassuring to see their teams actively responding, isolating, and addressing the incident,” according to Ayala. “Ensuring that the operational technology they provide — and on which major oil and gas companies depend — has clear demarcation is critical. Segmentation between enterprise IT and operational technology, along with the ability for quick demarcation, is vital to limit the spread and impact of such threats.”

Earlier this month, industrial cybersecurity firm Dragos disclosed that the oil and natural gas (ONG) sector had seven incidents, equating to two percent of the overall incidents in the second quarter of this year.
