Two years ago, over a holiday weekend, a major cyberattack disrupted the Colonial Pipeline, shaking the United States’ Energy Sector to its core.
The Colonial Pipeline Company, one of the largest oil distributors in the U.S., was hacked by malicious cybercriminals, who forced their way into the company’s private IT network and subsequently stole over 100 gigabytes of data via ransomware—all within a scant two hours. In an effort to mitigate the effects of the breach, Colonial opted to shut down their pipeline altogether, the only viable option for stemming the ransomware’s spread.
A dependable supply chain is, of course, critical to the Energy Sector and to its ability to power our lives. If (and when) that supply chain becomes compromised, the economy, the environment, and public safety itself can suffer. In this instance, the Colonial Pipeline was only shut down for six days, yet the crisis nevertheless resulted in emergency declarations across several states, fuel rationing and panic buying at the pump, and—nationwide—skyrocketing gas prices. Clearly, the impact of this single cyberattack was anything but slight.
Some cybercriminals—as we saw with those who targeted the Colonial Pipeline—affect the supply chain with their attacks, while others use the supply chain itself in order to execute their nefarious schemes. How so? Through compromised and/or vulnerable technology products and solutions, especially those sourced through unverified channels, what’s known as the gray market. Within these off-brand or refurbished devices, any number of threats can lie in wait. Some may have undergone direct tampering or interference from a hostile nation-state. Other products may simply be end-of-life (EOL), or might rely on components that are now obsolete, posing a more benign—though no less serious—risk to those who choose to employ such products within their infrastructure. In a similar vein, software applications can also prove troublesome if not properly vetted; built-in malware aside, certain software dependencies can lead to inherent vulnerabilities within your network, which can then later be exploited by any number of bad actors.
Thus, supply chain integrity is paramount across the board, and its prioritization is a worthwhile pursuit, one that helps protect your entire technology environment from disruptions and threats.
A secure supply chain, therefore, should be a top priority for any organization seeking to procure IT hardware, software, or other solutions. Conducting regular internal reviews to identify potential vulnerabilities is a critical task, as is authenticating your suppliers and enacting the proper safeguards to keep your distribution network safe.
Sterling, for its part, takes a rigid stance on the gray market and works only with those vendors/distributors who are authorized. We’re committed to preserving national security through these efforts, but also to ensuring that customers across all market segments remain compliant and secure. Specifically, we’ve made numerous investments into industry certifications as well as built-out a robust, Zero Trust methodology.
A few of those investments include a(n):
· Open Trusted Technology Provider™ Standard (O-TTPS) Certification
· ISO 9001 Certification
· Detailed Supply Chain Risk Management (SCRM) Plan
Contact us today to ensure you’re sourcing your IT solutions via a secure supply chain!