Colonial Pipeline 1 Year Later: What Has Yet to Change?

The incident was a devastating attack, but it exposed gaps in cybersecurity postures that otherwise would have gone unnoticed.

Mariano Nunez, CEO & Co-Founder, Onapsis

May 6, 2022

4 Min Read
Pipeline
Source: Martin Muránsky via Alamy Stock Photo

The Colonial Pipeline ransomware attack that took place exactly one year ago sent shockwaves across the nation that are still being felt today. A cyberattack with such massive real-world implications had never been seen before, let alone an attack on one of the largest critical infrastructure assets in the US that was initially started via an exposed virtual private network (VPN) password. During the attack, threat actors stole nearly 100GB of data, and not long after, the Colonial Pipeline took its systems offline for several days to prevent the further spread of ransomware. The Colonial Pipeline’s shutdown affected oil and fuel supplies in many states, and as a result, the US government declared a state of emergency.

Critical infrastructure, such as the infrastructure technology and operational technology systems managed by Colonial Pipeline, is often a prime target for cybercriminals. These national assets not only store highly valuable government, company, and consumer data in their systems but could also dramatically disrupt society if compromised. The fact that the Colonial Pipeline attack was due to a security lapse served as a wake-up call for companies all over the world to rethink their cybersecurity postures.

In the wake of the attack, President Biden immediately signed an Executive Order on "Improving the Nation’s Cybersecurity," which emphasized that incremental improvements are not enough; bold change and significant investments in cybersecurity must be made to defend critical infrastructure. Federal agencies and organizations were provided with a timeline and steps to advance their cybersecurity strategies and infrastructure. However, in the months following Colonial Pipeline, the US also witnessed several other critical incidents that made national headlines, including the Kaseya ransomware attack and the discovery of the Log4j vulnerability that was baked within the foundations of the world’s software applications. Thus, it is evident that many true changes have yet to be made. Let’s take a deeper look at the developments organizations must make to their cybersecurity postures to protect the nation’s critical infrastructure.

Further Visibility into Business-Critical Applications is Crucial
Recent legislation, such as the Cybersecurity Executive Order and Cyber Incident Reporting for Critical Infrastructure Act, mark improvements for the nation’s cybersecurity landscape, as they impose specific regulatory requirements and provide further transparency into organizations’ cyber events. Despite these developments, many organizations responsible for the nation’s critical infrastructure are still operating without visibility into their business-critical applications’ security, as demonstrated by the influx of attacks that succeeded the Colonial Pipeline. Organizations must understand that systems, such as enterprise resource planning (ERP), supply chain management, and logistics management, are interconnected and support mission-critical operations that can be severely disrupted if they are compromised by adversaries. A universal shift in enterprise cybersecurity strategies is crucial to ensure organizations can swiftly recover from a cyberattack as detrimental as the Colonial Pipeline one.

Taking Actions to Defend the Nation’s Critical Systems
Without stronger security controls, business-critical systems will remain vulnerable to attack. Proper defenses need to be in place to ensure America’s valuable data is protected. Below are several actions organizations must take to protect their sanctioned resources:

  • Obtain visibility into critical assets: Enterprises must gain full visibility into all critical and connected systems to eliminate any system blind spots. By obtaining a comprehensive view of the IT and OT systems, organizations can discover internal and external threats and assess their impact in real time.

  • Implement vulnerability management tools: As vulnerabilities are an easy point of entry into business-critical assets, organizations should incorporate advanced vulnerability management into their cybersecurity posture that includes automated tools that can scan for system weaknesses. Automated vulnerability management technologies identify where misconfigurations, authorization issues, and missing patches exist, and automatically apply the necessary mitigations.

  • Adopt cybersecurity best practices: Improving threat detection and response can help close many gaps that exist in cybersecurity postures; however, adopting cybersecurity best practices is absolutely essential to mitigate unauthorized access to privileged accounts. Enterprises must ensure their employees are cognizant of all threats they may face in their day-to-day operations, such as highly targeted phishing schemes.


While the Colonial Pipeline incident was a devastating attack, it exposed gaps in cybersecurity postures that otherwise would have gone unnoticed. Enterprises that make active efforts to strengthen their cybersecurity strategies will be able to proactively mitigate threats as they arise, exceed regulatory compliance requirements, and ultimately foster trust with their employees, customers, and the community as a whole. Moving beyond Colonial Pipeline is possible but cannot be done without real improvement in cybersecurity defenses.

About the Author

Mariano Nunez

CEO & Co-Founder, Onapsis

As CEO, Mariano Nunez drives the strategic direction of Onapsis. Under his leadership, Onapsis has become one of the fastest-growing technology and cybersecurity companies in the world. 

Starting his career as a cybersecurity researcher, Mariano was the first to publicly present on cybersecurity risks affecting SAP platforms and how to mitigate them at major conferences such as RSA, Black Hat, and SANS. He was the developer of the first open source ERP penetration testing framework and has discovered critical security vulnerabilities in SAP, Oracle, IBM, and Microsoft applications. 

Mariano has been interviewed and featured in mainstream media such as CNN, Reuters, Wall Street Journal, Forbes and The New York Times. He has been distinguished by EY as "Entrepreneur of The Year 2018" and by MIT as a "Top 35 Innovator under the age of 35," as well as having been selected as an Endeavor Entrepreneur.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights