The May 7, 2021, ransomware attack on the Colonial Pipeline Co. forced it to shell out more than $4 million. While some of the ransom was recovered, the attack showed that American infrastructure reliant on operational technology (OT) might need more robust protection like its information technology (IT) sibling.
In a sweeping response, the Transportation Security Administration (TSA) determined that railroad infrastructure, which moves commodities just like pipelines, should be part of its security-enhancing efforts.
Not long after the attack, the TSA issued two security directives, known as SD 1 and SD 2. The first directive had affected businesses, such as the Belt, take stock of their technology and potential vulnerabilities. The Belt passed an audit related to SD 1; the TSA made a few recommendations, which were implemented.
SD 2, which stipulated the Belt’s plan of action to secure its technological infrastructure and eliminate potential vulnerabilities, will also be reviewed.
Once the Belt’s SD 2 plan is accepted, Director of Information Technology Robert Whitlock said it will be tested during a tabletop exercise this summer, making the Belt the first railroad in the country to do so. Whitlock credits this to the Belt’s close proximity to the TSA and the Chicago Midway International Airport. He also believes that, being neighbors, the Belt and TSA have developed a strong working relationship that’s resulted in trust and a spirit of collaboration.
In the wake of the Colonial Pipeline Co. attack, Whitlock said railroads will begin to transfer control of security from Engineering to IT, and the Belt is no exception. He noted Chief Engineer Scott Schiemann will be involved in the process of “locking down” OT. After the tabletop exercise occurs, regular audits will take place to test the Belt’s response.