Following the Colonial Pipeline ransomware incident, the Department of Homeland Security (DHS) is working to regulate cybersecurity in the pipeline industry. The Transportation Security Administration (TSA) will issue a directive this week to institute mandatory reporting requirements. Pipeline companies will be required to report cyber incidents to federal authorities. Another directive will be issued in the near future outlining new requirements organizations must follow to safeguard their systems and prevent cyber-attacks. The new directives look to be the first of many as Congress continues to look at updating the cybersecurity foundation of both private and federal organizations dealing with critical infrastructure. Binary Defense analysts will continue to monitor and report on new federal regulations and legislation dealing with cybersecurity.
Analyst Notes
Before an attack takes occurs, organizations should have an incident response plan in place. A detailed plan should include digital forensics response activation and notification procedures for a cyber incident. Regularly patch software and operating systems to the latest available versions. Employ best practices for use of RDP and other remote desktop services by protecting them behind a strong VPN with Multi-Factor Authentication (MFA) and auditing any unusual login events from IP addresses or devices that are different from what the employee account normally uses. Threat actors commonly gain initial access through insecure Internet-facing remote services or phishing. Provide social engineering and phishing training to employees. Urge them not to open suspicious emails, not to click on links or open attachments contained in such emails, and to be cautious before visiting unknown websites. When an attack makes it through the outer layers of defense, it is important to have a Security Operations Center or a managed security monitoring service with expert security analysts on duty, such as the Binary Defense Security Operations Task Force. The Task Force provides a 24/7 monitoring solution of SIEM and endpoint detection systems to detect and defend from intrusions on an organization’s network.
