And what it means for gas prices.
Hackers used a ransomware attack to shut down a major US pipeline for several days, forcing the Biden administration to declare a regional state of emergency to keep some of the oil supply moving until the pipeline is back in service. The cyber attack appears to be the greatest ever on an American energy system, and another example of a cybersecurity vulnerability that President Joe Biden has promised to address.
The Colonial Pipeline Company reported on May 7 that it was the victim of a “cybersecurity attack” that “involves ransomware,” forcing the company to take some systems offline and disable the pipeline. The Georgia-based company says it operates the largest pipeline in the United States, carrying 2.5 million barrels per day of gasoline, diesel, heating oil and jet fuel on its 5,500-mile route from Texas to New Jersey.
The pipeline supplies nearly half of the East Coast’s fuel supply, and a prolonged shutdown could cause price increases and shortages to ripple across the industry. Colonial said Monday it hopes to “substantially resume” its operations by the end of the week and minimize disruptions caused by the closure.
Even so, by Tuesday, the national average price for regular gasoline was up 2 cents, with larger jumps in some states served by the pipeline, including Georgia, Carolina and Virginia. Georgia Gov. Brian Kemp has temporarily suspended the state gas tax to offset the rise in prices. Another problem has been gas stations running out of fuel, although such shortages are believed to stem from panic buying rather than a lack of supply.
“The fuel shortage is more likely to be the result of panic buying by consumers watching the headlines, rather than shortages caused directly by the attack,” Marty Edwards, former director of industrial control systems for CISA, and vice president of operational technology security for Tenable, told Recode. “This is something we have seen with Covid and grocery stores selling household items. Regardless, it shows the impact cybersecurity has on our daily life.”
“It is much easier to understand the impact of a cyber attack if it directly impacts your daily life,” he added.
The FBI confirmed that the ransomware used is related to the hacker group called DarkSide, which is believed to be based in Eastern Europe. DarkSide does not appear to be connected to any nation-state, saying in a statement that “our goal is to make money, [not to create] problems for society” and that it is apolitical.
According to cybersecurity firm Check Point, however, DarkSide provides its ransomware services to its partners. “This means we know very little about the real threat actor behind the attack on Colonial, which can be any of DarkSide’s partners,” Lotem Finkelstein, Check Point’s chief of threat intelligence, told Recode. “What we do know is that taking down extensive operations like the Colonial Pipeline reveals a sophisticated and well-designed cyber attack.”
It is not known how much money the hackers are asking for, or how much Colonial paid, if it is willing to pay anything at all.
Ransomware attacks generally use malware to lock companies out of their systems until a ransom is paid. They have increased in recent years and cost billions of dollars in ransom payments alone, not counting those that are not reported or any costs associated with systems being offline until the ransom is paid. Ransomware attacks have targeted everything from private companies to government to hospitals and health systems. The latter are particularly attractive targets, given the urgency to restore their systems as soon as possible.
Energy systems and suppliers have also been the target of ransomware and cyber attacks. The cybersecurity of America’s energy infrastructure has been a particular concern in recent years, with the Trump administration declaring a national emergency in May 2020 intended to protect America’s bulk power system with an executive order that would prohibit the acquisition of equipment from countries that pose an “unacceptable risk to national security or the safety and security of American citizens.”
Details of how the hackers managed to gain access to Colonial’s systems have not yet been made public, but Bloomberg reports that the attack began on May 6, with nearly 100 gigabytes of data stolen before Colonial’s computers were locked down. A ransom was demanded, both to prevent data from being leaked over the internet and to unlock affected systems.
With the pipeline down, the company and its fuel suppliers hope that fuel trucks and possibly tankers will make up for some of the shortage. The Department of Transportation provided emergency waivers to extend driving hours for trucks, and some companies are looking into chartering tankers to deliver fuel by ship. The latter option would likely mean a waiver of the Jones Act, a 1920 law requiring domestic shipping to be carried out on ships built, owned and operated by US citizens or permanent residents. This was done for other temporary fuel crises; for example, in the wake of Hurricanes Katrina, Rita and Sandy. But these measures will not be enough to completely replace the oil supplied by the pipeline.
Concern over the attack highlights two of the Biden administration’s stated priorities: improving American infrastructure and cybersecurity. Russia’s large-scale SolarWinds hack, disclosed in December 2020, was shown to have affected several federal government systems. Biden then said that as president, “my administration will make cybersecurity a top priority at all levels of government and we will make handling this breach a top priority from the moment we take office. … in the face of cyber attacks on our nation.”
Biden also unveiled a $2 trillion infrastructure plan that includes $100 billion to modernize the power grid, which cybersecurity experts hoped would include improvements to IT security measures. Biden also suspended Trump’s bulk power system executive order in order to launch his plan. And he is reportedly planning to unveil an executive order soon that will strengthen cybersecurity at federal agencies and for federal contractors.
But these measures are more focused on preventing another SolarWinds-like attack. Federal officials told the New York Times that they don’t think the order does enough to prevent a sophisticated attack, nor would it apply to a private company like Colonial. The pipeline attack could reinforce demands for cybersecurity standards for companies that play an important role in American lives. As it stands, those companies often decide the security measures they use to protect critical systems.
“Ransomware is about extortion and extortion is about pressure,” James Shank, chief community services architect at cybersecurity firm Team Cymru, told Recode. “The impact on fuel distribution immediately attracts people’s attention. … This underscores the need for a coordinated effort linking the capabilities of the public and private sectors to protect our national interests.”
Assuming the pipeline is restored by the end of the week, it shouldn’t cause a serious or prolonged disruption of the fuel supply chain or hit consumers’ wallets too hard. But the next one – and many cybersecurity experts fear there will be a next one, or many more – could be far worse if no top-level measures are taken to prevent it.
“We cannot think of these attacks as just an impact on private companies – this is an attack on our country’s infrastructure,” Shank added.