CANTON, OHIO – More high-profile infrastructure attacks are likely to follow the hack of the Colonial Pipeline and a key part of the problem is weak IT Asset Management of computing devices and software, according to the International Association of IT Asset Managers (IAITAM), the leading authority on IT Asset Management (ITAM).
The now-hacked Colonial Pipeline, stretching from Texas to New England, has been called the “jugular” of the U.S. energy supply line, since it delivers about 45 percent of the fuel used on the East Coast. In recent months, there have been similar attacks on a major dam site, a city water supply, hospitals, municipalities (including police and fire services), and electrical utilities.
IAITAM President and CEO Dr. Barbara Rembiesa said: “The problem here comes down to one central reality: If you are not managing your assets, you’re not managing your business … and you can’t secure what you don’t know you have. Old and new infrastructure projects tend to be big and, as with a pipeline, may cover a huge amount of the country. When most people think about ‘security’ in such cases, they tend to think about the physical, low-tech side of things. But, increasingly, it is the cyber and high-tech side of things that leaves infrastructure projects wide open.
“This country is way behind where it needs to be in ensuring that every single device and piece of software associated with these infrastructure projects is accounted for, secure, and up to date. Old infrastructure is already under attack today because of a lack of rigorous IT Asset Management, and the prospect of the federal government adding billions of dollars to infrastructure without proper management will only add to the problem and open up more security loopholes. The government ratings on asset management are already low compared to private firms and we see that in GAO reports every year.
“All the people behind these ransomware attacks need is someone running a laptop in an unauthorized fashion on a non-secure network, such as a home Wi-Fi system. They don’t need much more than a central computer system that is running software that has not been properly patched or otherwise updated. And they are delighted to find an employee who is tapping into key systems remotely on a personal cellphone or other device that has not been authorized for such access.
“Until the operators of public water systems, energy pipelines, nuclear power plants, bridges, tunnels, airports, and other key infrastructure elements get serious about thorough and tough-minded IT Asset Management, we are going to see more and more ransomware attacks like the one on the Colonial Pipeline.”
IAITAM has been warning in recent months about a variety of major IT Asset Management lapses exposing U.S. businesses and agencies to serious repercussions. To see how IAITAM played a major leadership role in 2020 in alerting organizations for COVID-19 ITAM issues, see here, here, here, here, and here.
The International Association of Information Technology Asset Managers, Inc., is the professional association for individuals and organizations involved in any aspect of IT Asset Management, SAM, Hardware Asset Management, Mobile Asset Management, IT Asset Disposition and the lifecycle processes supporting IT Asset Management in organizations and industry across the globe. IAITAM certifications are the only IT Asset Management certifications that are recognized worldwide. For more information, visit www.iaitam.org.