Big industrial networks, including the Colonial Pipeline, which has been down for three days following a cyberbreach, fill vital everyday needs such as gasoline, clean water and electricity. Yet these often-aging physical systems are frequently less protected against hackers than corporate information technology networks.
“It’s really a challenge when you have old infrastructure,” said Padraic O’Reilly, co-founder of CyberSaint Security, “because the security tends to be snap-on, ad hoc, reactive, etc.”
Hackers — potentially Russian cybercriminals, according to the FBI — breached the operations of the Colonial Pipeline, which delivers gasoline and diesel to the eastern United States. Operators shut down the line for safety, and if it stays down for a week or more, prices could spike at the pump, analysts fear.
Even though pipelines and power lines serve the public good, companies with shareholders and quarterly earnings run them. They decide how much — or how little — to protect them against digital bad guys.
“They have business objectives to meet, so it’s difficult to justify upgrades on equipment that is…