By Mark Carl
As we witness the deterioration of diplomacy and increased military activity in Eastern Europe with Russia’s invasion of Ukraine, the overall risk of state-sponsored cyberattacks has also increased—for both governments and the private sector. Given the critical role of the fuel and convenience industry in the U.S., these geopolitical issues could hit home for many of us very quickly.
With continuing developments in the Ukraine-Russia crisis, many within the military community anticipate that hybrid warfare will be used—including cyber warfare against Ukraine’s critical infrastructure. This wouldn’t be a surprising development, since similar tactics were deployed in Russian military aggression against its neighboring country of Georgia in 2008, as well as in the Donbas region of Ukraine in 2014.
Particularly concerning is some of the language released in the DEV-0586 alert from the Microsoft Threat Intelligence Center (MSTIC) on January 15, 2022. That alert describes malware targeting Ukrainian systems, with MSTIC saying it has not found any notable association between that activity and other known groups. In addition, MSTIC lays out key concerns around the fact that the malware appears to have no mechanisms to extort ransom but is simply meant to be destructive in nature.
The U.S. has responded with damaging economic sanctions as Russia invades Ukraine, including sanctions on the Nord Stream 2 pipeline and restricting Russia’s access to vital technological inputs. As with every geopolitical decision, these actions have some risk attached to them. In addition to state-sponsored cybercriminals, many others might be sympathetic to Russia’s causes or might be adversely impacted by any U.S.-imposed sanctions.
This, in turn, could lead to increased cyberattacks from Advanced Persistent Threat (APT) actors on critical sectors within the U.S. as a means of disruption or retribution. These are just a few of the reasons that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and other organizations have been heightening public awareness by issuing security alerts.
In terms of impact on the NACS convenience and fuel retailing community, the energy sector is one of the most obvious targets for state-sponsored attack groups. The inherent risks of moving gasoline make it even more susceptible to interruption, as was laid bare by the May 2021 Colonial Pipeline attack. When systems are attacked, it takes significant time to recover them and bring them back online safely. Beyond any financial cost, the resulting disruption and loss of public confidence can be equally damaging.
In the convenience retail sector, approximately 150,000 fueling outlets (including 116,641 convenience stores) that work to keep Americans on the road are potential targets. While it may be easier for adversaries to target higher levels of distribution, such as larger pipeline operations, it’s important for everyone in the downstream sector to also remain vigilant.
Here are five immediate steps you can take to protect your convenience retail operation:
- Employ measures to reduce the overall risk of cyberattacks.
- Focus on defensive mechanisms like network firewalls and segmentation.
- Deploy threat detection and isolation capabilities.
- Make sure you have a reliable plan to respond to a cyber incident.
- Frequently back up critical systems in a secure way that provides for fast restoration following a breach.
As the world continues to get flatter, it’s important to understand the potential impact on your business from events happening half a world away. Make sure you remain vigilant and continue to strengthen your cybersecurity posture, knowing when to call in proven partners who can implement best practices and systems efficiently and effectively. It’s the smart way to protect your business and your customers, especially during times of increased risk.
Mark Carl is chief security officer, PDI.