Today I am going to talk about something that happened outside of our industry but that should be a concern of every ISP. There is a lesson to be learned from the Colonial Pipeline hack by the DarkSide ransomware group from Russia.
I am positive that if I call my ISP clients, every one of them will tell me that their broadband networks are secure and that there is no way for malware to shut down their broadband network. I would trust that response since most broadband networks are encrypted from end to end between the core and customers.
But the ISPs would still be wrong. The hack of Colonial Pipeline did not attack the software that operates the pipeline. Instead, the hackers found their way into the computers used for the billing system. When that 10-year-old software got locked, Colonial had no way to take orders, pay the gas suppliers, or bill customers for delivering gas. The money side of the business was locked. Colonial made the decision that it couldn’t operate without that software.
I think if I ask ISPs whether every computer, laptop, and tablet connected to the OSS/BSS software is totally secure, I would get a different answer. Hackers only need to get into one computer to shut down an ISP’s OSS/BSS. Without that software, most ISPs would not be able to take new orders, answer billing questions, send out new bills, take trouble tickets, or dispatch repair people. With the OSS/BSS software locked, an ISP wouldn’t even be able to look at customer records. Most ISPs would be unable to somehow switch to a manual method of doing things. Most ISPs would have little choice but to pay the ransom if they found themselves in the same position as Colonial.
This is the same approach that the ransomware hackers take with many large targets. They shut down the billing systems for hospitals to bring them to a halt. They shut down the supply chain and inventory software of factories to bring them to a screeching halt. Businesses of all types now have sophisticated suites of software that are equivalent to our industry’s OSS/BSS software. Over the last decade, most larger businesses have migrated to a master software that controls most of the day-to-day backoffice functions of the business. That automation has been a huge time and dollar saver – but it is the point of attack for malware hackers.
I advise every ISP to take a look at the security of computers used by staff. That’s where the vulnerabilities are – and that’s what the ransomware folks exploit. Very few ISPs pay the same kind of attention to PCs, laptops, and cellphones as they do to the broadband network. We often don’t keep up with software updates for every device. We let employees take devices home or travel with them and use hotel WiFi.
I would bet that we’ve already had ISPs hacked – because most of the businesses that are hit with ransomware don’t talk about it. They pay the ransom and hope they get up and running again. A company like Colonial had to disclose it because the gas supply chain works on a 24/7 cycle and gas stations started running out of gas soon after the attack.
I am not a security expert, and I don’t have any answers. But I know a lot of clients do not have ironclad security for the backoffice side of the business. As soon as I heard about this hack I realized how this could happen easily in our industry as well.