department is responsible for keeping the company’s computer systems safe. OT departments may not be as commonplace, but the pipeline crisis highlights the need for dedicated OT staff or contracted professionals. For Colonial Pipeline, the bottom line is they didn’t understand how their own IT and OT systems were connected. It takes both to work the problem. Without a fully vetted incident response plan, companies are not prepared for system compromises. OT is not exclusive to pipelines, production plants, dams, and other infrastructure and industrial environments. All commercial buildings, including office complexes, retail, hospitality, education, healthcare, government, and others have OT systems. The OT systems in these facilities may include HVAC, elevators, lighting controls, metering, fire safety, access control, and other technologies, all subject to hacking, misconfiguration, phishing, and ransomware. Call it intelligent buildings, smart building systems, or whatever you like — building system cybersecurity matters. Attacks have caused catastrophic operational interruptions in many buildings. These attacks generally go unreported because they do not involve compromising sensitive personal information of users or customers, but that does not mean they are unimportant. The Colonial Pipeline Co. incident made national news because the company’s shutdown led to a fuel shortage and price increase in the southeast United States that prompted officials to warn folks not to try using plastic bags to stockpile gasoline. Foreign hackers used basic ransomware technology to take control of Colonial’s IT systems. To regain control, the company paid the hackers more than $4 million. Just weeks after this event, JBS SA, the world’s largest meat processing company, experienced a similar cyberattack, which caused temporary closures of plant operations due to affected servers supporting its operations in North America and Australia. These incidents — and the relatively low level of skill needed to carry out the attacks — should have all company leaders moving to assess vulnerabilities of their buildings’ OT systems, as the gateway to IT systems. Working with professionals, such as those at Intelligent Buildings, will become even more important as the federal government prepares to issue cybersecurity regulations for pipelines that will also impact other industries. Complexity will continue to increase and the effect will be felt at a lower level, even down to its influence on insurance premiums. Even if the regulations do not extend beyond pipelines or other critical infrastructure, they will include sound guidance that applies across sectors. For example, one part of the regulations would require the periodic review of remote network connections that can be soft spots for hackers to attack. This is especially pertinent with so many more people working from home during the pandemic and several companies considering at least a hybrid model that allows at least some work from home days. While the pipeline and plant shutdowns affected thousands and may seem far removed from many business leaders, building tenants know that convenience, productivity, and health and safety play a vital role in occupant experience. Additionally, having hackers take control of a building’s elevators or shutting down a company’s production lines can also have catastrophic impact on a more local level, so one thing <strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>July</strong> <strong>2021</strong> <strong>Edition</strong> 34 Copyright © <strong>2021</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.
is clear: <strong>Cyber</strong>attacks will continue and companies large and small need increased focus on cybersecurity of both IT and OT systems. About the Author Fred Gordy is Director of <strong>Cyber</strong> Security at Intelligent Buildings, a company focused on Smart Building advisory, assessment, and managed services at scale for both new projects and existing portfolios. Intelligent Buildings helps customers manage risk, enhance occupant well-being, and continually improve performance by providing unmatched expertise, practical recommendations, and targeted services. Fred can be reached at fred.gordy@intelligentbuildings.com. <strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>July</strong> <strong>2021</strong> <strong>Edition</strong> 35 Copyright © <strong>2021</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.
- Page 1 and 2: Colonial Key Business Pipeline, Les
- Page 3 and 4: Ransomware, the Ultimate Cyber Thre
- Page 5 and 6: @MILIEFSKY From the Publisher… Ne
- Page 7 and 8: Welcome to CDM’s July 2021 Issue
- Page 9 and 10: Cyber Defense eMagazine - July 2021
- Page 11 and 12: Cyber Defense eMagazine - July 2021
- Page 13 and 14: Cyber Defense eMagazine - July 2021
- Page 15 and 16: Cyber Defense eMagazine - July 2021
- Page 17 and 18: Cyber Defense eMagazine - July 2021
- Page 19 and 20: Cyber Defense eMagazine - July 2021
- Page 21 and 22: Cyber Defense eMagazine - July 2021
- Page 23 and 24: Cyber Defense eMagazine - July 2021
- Page 25 and 26: Cyber Defense eMagazine - July 2021
- Page 27 and 28: Cyber Defense eMagazine - July 2021
- Page 29 and 30: Cyber Defense eMagazine - July 2021
- Page 31 and 32: Cyber Defense eMagazine - July 2021
- Page 33: Colonial Pipeline, JBS Cyber Attack
- Page 37 and 38: of management complexity for any bu
- Page 39 and 40: Flipping the Cyber Script Getting A
- Page 41 and 42: Trust strategies, they will prevent
- Page 43 and 44: The growing threat In the last 12 m
- Page 45 and 46: Common Sense Cybersecurity Steps fo
- Page 47 and 48: The next big thing: addressing remo
- Page 49 and 50: Applying PR tactics is a new page i
- Page 51 and 52: NATO to Consider Military Response
- Page 53 and 54: The number of open positions in var
- Page 55 and 56: 3. Delivery - Transmission of the p
- Page 57 and 58: Uncovering the Dark Side of the Col
- Page 59 and 60: Energy and Utilities - You Have No
- Page 61 and 62: a cyberattack that shut down approx
- Page 63 and 64: Ransomware and the Cybersecurity In
- Page 65 and 66: About the Author Jack Blount is Pre
- Page 67 and 68: The airline industry’s poor recor
- Page 69 and 70: Ransomware, the Ultimate Cyber Thre
- Page 71 and 72: About the Author Yehudah Sunshine,
- Page 73 and 74: A second reason for the increase in
- Page 75 and 76: A Case of Identity: A New Approach
- Page 77 and 78: Implementing a digital trust ecosys
- Page 79 and 80: A 3-Part Plan for Getting Started w
- Page 81 and 82: As threats continue to evolve, it
- Page 83 and 84: 1. Endpoint and user protection Des
- Page 85 and 86:
The Risks of The Vulnerable Iot Dev
- Page 87 and 88:
Insecure Data Transfer and Storage
- Page 89 and 90:
Three Steps to Building Email Cyber
- Page 91 and 92:
Plan Ahead and Avoid Disaster The H
- Page 93 and 94:
NDR technology is built on three pr
- Page 95 and 96:
Hardware Trojan Detection By Sylvai
- Page 97 and 98:
the properties (user mode, memory a
- Page 99 and 100:
About the Author My Name is Sylvain
- Page 101 and 102:
outside coaches - to help them impr
- Page 103 and 104:
Tips for Avoiding Online Scams Duri
- Page 105 and 106:
Phishing Example 1 Phishing refers
- Page 107 and 108:
About the Author Cindy Murphy is th
- Page 109 and 110:
The recent Feedzai report confirms
- Page 111 and 112:
Why Cyber Risk Is the Top Concern o
- Page 113 and 114:
(BEC) attacks, also known as “fak
- Page 115 and 116:
What Educational Institutions Need
- Page 117 and 118:
Firewall Security VPN connectivity,
- Page 119 and 120:
Business Continuity: Where InfoSec
- Page 121 and 122:
● ● ● ● How educated are em
- Page 123 and 124:
Biometrics Challenges By Milica D.
- Page 125 and 126:
Epic V. Apple Trial - Impact of Big
- Page 127 and 128:
About the Author Brad Ree is the Ch
- Page 129 and 130:
eaches because large amounts of hig
- Page 131 and 132:
• securing mobile and remote work
- Page 133 and 134:
This topic has great relevance beca
- Page 135 and 136:
I recommend that leaders of private
- Page 137 and 138:
fail that promptly. After, say, sev
- Page 139 and 140:
1. Infosecurity Europe Where: Olymp
- Page 141 and 142:
leaders, and help each other advanc
- Page 143 and 144:
Cyber Defense eMagazine - July 2021
- Page 145 and 146:
Cyber Defense eMagazine - July 2021
- Page 147 and 148:
Cyber Defense eMagazine - July 2021
- Page 149 and 150:
Cyber Defense eMagazine - July 2021
- Page 151 and 152:
Cyber Defense eMagazine - July 2021
- Page 153 and 154:
You asked, and it’s finally here
- Page 155 and 156:
9 Years in The Making… Thank You
- Page 157 and 158:
Cyber Defense eMagazine - July 2021