HUNTINGTON — Earlier this month, Colonial Pipeline was forced to shut down after a cyberattack, leading to increased gas prices and a gas shortage across the East Coast.
Colonial Pipeline was the victim of a ransomware attack, which is a cyberattack designed to render files and systems unusable until the target pays a ransom.
These types of cyberattacks are growing, according to Katerina Goseva-Popstojanova, a computer science professor who oversees a National Science Foundation-funded project at West Virginia University that prepares students for cybersecurity jobs.
“There is an explosion of ransomware attacks, including to critical infrastructure such as pipelines, electric grids, water treatment facilities and hospitals,” Goseva-Popstojanova said. “In general, ransomware attacks may aim at the control systems of the critical infrastructure and other cyber-physical systems, leading to direct disruption of service.”
Goseva-Popstojanova said it appears that the Colonial Pipeline attack was due to poor cybersecurity practices, which made breaking into the company computer systems and infecting them with ransomware fairly easy.
“Instead of reacting to attacks, a proactive approach is needed that would improve the cybersecurity practices and make the systems resilient to ransomware and other types of attacks,” she said.
North American Consulting Services Inc. (NACS) opened a Huntington division at Marshall’s Brad D. Smith Business Incubator on 3rd Avenue in downtown Huntington last year to do business to business consulting on cybersecurity best practices for local businesses.
The pipeline hack has become a wake-up call for all businesses to ramp up cybersecurity, according to NACS CEO Justin Jarrell.
“I think a lot of businesses from small to medium to large don’t have an awareness of the importance cybersecurity,” he said.
Since 2004, NACS has provided managers to advise NSA, Combatant Commands, the State Department and nearly 50 different Department of Defense weapon systems program managers on needs and requirements.
“We started this division in Huntington after hearing about some regional economic powerhouse being victims of cyberattacks,” Jarrell said. “After hearing about them, I wondered why they didn’t have more resources to defend themselves and wondered if it was a skills issue. I looked at a couple of different universities, and Marshall stood out by having an incredible cyber forensics and security (CFS) program. So I concluded that it’s not a lack of skill development, but maybe a lack of awareness by local businesses resulting in the lack cybersecurity jobs.”
Kevin Dillon, a graduate of Marshall’s CFS program, said he couldn’t find a job in the area and moved to Florida, like many of his classmates.
“I grew up in Huntington and went to Spring Valley High School,” Dillon said. “I graduated from Marshall, but there were not many options for cybersecurity-related jobs around here. I went to Tampa and was there about two and a half years. I missed home, so this job opportunity has worked out great.”
Dillon is a senior security operations center (SOC) analyst for NACS in Huntington.
Ron Cole, a junior SOC analyst at the company, is also a West Virginia native who left the area to find employment.
“I grew up in Cross Lanes and went to Nitro High School,” Cole said. “I left in 2013 and was in Arizona, where I got my bachelor’s degree in cyber operations, when I saw a posting for this cybersecurity job in Huntington and applied for it. It’s great to be back home.”
NACS has its headquarters in Point Pleasant.
“We have been exclusively doing Department of Defense contracting in a more general field of communications security,” Jarrell said. “But I see an opportunity here to help local business in this region.”
Jarrell said there appears to be a presumption of the amount of resources needed to address cybersecurity risks within a business or organization.
“The best way I can explain the concept of cybersecurity for a business is being able to create the infrastructure, practices and hygiene to help secure and protect sensitive data that might be used to exploit the business,” Jarrell explained.
Jarrell said NACS provides a variety of different services to protect businesses and organizations.
“From general cyber hygiene training that includes best practices on opening up emails, web-based chat room and forums, addressing phishing campaigns and other vulnerabilities the business may have,” he said.
Dillion said a company’s workers may do something as simple as clicking on a PDF file in an email.
“It’s very easy to put something in a PDF that will do anything that the malicious actor wants it to do,” Dillon said.
NACS does knowledge-based training to help businesses know what to look for to make their employees more capable and more protective against cyberattacks.
“Another service we provide is cybersecurity operations center support and services,” Jarrell said. “Basically what we do is place or install certain folders or files in our clients’ network or managed services and monitor every bit and byte of data that’s being transferred throughout their network so that if there was anything out of the ordinary IT operations and traffic we would be able to catch it instantly.”
NACS also provides network penetration testing, known as “Pen Test.”
“In the health care world through HIPPA they sometimes like to call it a security risk assessment,” Jarrell explained. “We act as malicious actors to see all the different ways we can get into their systems. Not just through email phishing, but physically as well. We see if we can we stand outside of their building and get connected to their wireless router, their wireless network access point, and then from there see if we can exploit some of their hardware in their office. We see if we can physically enter their building and see their data that way or plug a thumb drive in a computer. We are testing all the different ways we could access whatever information our client wants us to try to access.”
Jarrell said that’s from an external perspective, but there is also an internal perspective to consider as well.
“That’s once we are inside and have been able to access their network and then we go to each device, each computer, each cell phone, printer, Google Chrome, Chrome stick and every device owned or managed by that organization or business to find as many different weaknesses with all of their hardware devices,” he said. “We also have the capability with a software platform that’s a data management tool that is extremely sophisticated and dynamic, but one of the most intuitive, user-friendly interfaces I have ever seen.”
Jarrell said it helps lots of local businesses manage their own IT security policies and best practices.
NACS has a cyber security training range.
“You can’t really play real cyber war for fear of losing the infrastructure, the servers and computers that are connected,” he said. “The cyber security training range we have has many capabilities and one that really sets it apart is you can active an equivalent of cyber malicious software equivalent to an atom bomb in the cyber security training range and it won’t ruin the company’s infrastructure. Everyone can still operates normally as if nothing happened. It has some of the latest scenarios that is extremely realistic to cyberattacks today.”
Jarrell said without naming local victims of cyberattacks, he knows of one last summer.
“Another one the summer before that and these were big organizations in the area,” he said. “The winter between 2019 and 2020, there was a small, family-owned machine shop in southeastern Kentucky with maybe 12 employees that were victims of ransomeware that completely shut down the company.”
Jarrell said the past year he has done research and development to be able to offer cybersecurity services to small to medium-size companies in addition to the large companies and the federal government.
“A cyberattack could ruin a company or organization,” Jarrell said. “They could put a ransom that literally bankrupts them. Our services help them find every possible way they could be exploited and then we could help them remediate those issues and concerns.”