Cyberattacks may seem an abstract threat to many Americans. But the ransomware strike that knocked offline a key gasoline pipeline last week has created concrete problems for drivers in the Southeast as fuel prices creep up and lines form at service stations in affected areas.
The pipeline came back online Wednesday evening, Energy Secretary Jennifer Granholm announced, although it is expected to take several days to become fully operational. But the shutdown of the Colonial Pipeline system underscores the continued vulnerability of important sections of the country’s infrastructure to foreign hackers seeking chaos or cash, or both. Many potential targets of cyber extortion haven’t invested enough in computer security in recent years, say some experts. Meanwhile, the explosion of remote work during a pandemic has created more holes where bad actors can break into systems.
“With this pipeline incident, it will hit Americans in the pocketbook at the pump,” says Tony Turner, vice president of security solutions at Fortress Information Security, a Florida-based company that specializes in the security of critical infrastructure. “Colonial was negligent in their responsibilities to properly secure their environment, and all of us are paying for it.”
Why We Wrote This
Understanding cyberthreats can make it easier to respond instead of react. We start with answers to three key questions about the Colonial Pipeline hack.
Last Friday, Colonial Pipeline shut down its 5,500-mile-long East Coast gasoline pipeline due to a cyberattack. The pipeline, which runs from Houston to the New York City area, provides the eastern section of the United States with almost half of its transportation fuel.
The firm acknowledged on Saturday that its corporate computers had been hit by a ransomware attack, in which a criminal organization encrypts a target’s computer data, essentially holding it hostage until the target pays a ransom. The pipeline was shut down apparently as a precaution to block the malware affecting the corporate data from traveling into its pipeline control system, with potentially far-reaching results.
On Monday, the FBI said that a relatively new hacking group based in Eastern Europe or Russia called DarkSide was behind the attack. In brief comments on the subject, President Joe Biden said that the Russian government did not appear to be behind the attack. However, he criticized Russian authorities for tolerating criminal hacker groups that target non-Russian corporations and governments.
“They have some responsibility to deal with this,” said President Biden.
A group purporting to be DarkSide posted its own statement on the clandestine dark web following the U.S. revelations. It sounded a bit surprised, as if it was not aware of the implications of taking down such an important target.
“Our goal is to make money, and not creating problems for society,” the statement said in part.
Is there a gas shortage?
The Colonial Pipeline attack could have been worse. Pipeline controls appear largely unaffected. Gasoline and jet fuel are very important products, but perhaps not as important as natural gas for furnaces piped into the Northeast in the winter.
“Overall, natural gas provides 40% of American electrical power production, so this is a significant incident, but not near as critical as an incident could [have been] involving pipelines,” says Mark Montgomery, senior adviser to the chairmen of the Cyberspace Solarium Commission, a congressionally mandated group created to devise a strategy for the nation in cyberspace.
That said, the interruption of gas, diesel, and jet fuel supplies comes at a time of year when travel generally begins to increase – and at a time when the pandemic appears to be abating, potentially releasing a huge pent-up national demand for mobility.
Gas prices were already rising – up 6 cents per gallon over the past week, AAA said on Monday – and the ransomware attack may have been pushing them higher still, particularly in the Southeast and mid-Atlantic. Mississippi, Tennessee, and the East Coast from Georgia to Delaware are likely to experience limited fuel availability and extra price hikes, according to AAA.
Panicked buying in areas affected by the pipeline shutdown made things worse, as hoarding drained gas stations dry of reserves. As of Wednesday afternoon, 65% of all gas stations in North Carolina, and 42% in Georgia, Virginia, and South Carolina, were without gasoline, according to GasBuddy, an app that tracks fuel availability and price.
The situation was even worse in metro areas, with some 75% of stations in Raleigh and Charlotte, North Carolina, out of fuel.
Seen in a national context, there is not a shortage of gasoline per se, said AAA spokeswoman Jeanette McGee. There is a transportation problem, with a short-term inability to deliver gas to everywhere it’s needed.
“There is ample supply to fuel the United States for the summer, but what we’re having an issue with is getting it to those gas stations because the pipeline is down,” said Ms. McGee.
Are ransomware attacks increasing?
Ransomware isn’t new. Its first documented use was in 1989 with the PC Cyborg virus, which was transmitted from computer to computer on infected floppy disks, according to a 2017 study of ransomware published by the director of national intelligence.
But U.S. officials believe that it is a particularly malicious type of attack that is liable to make up a larger and larger percentage of the cybercrime directed at vulnerable companies, hospitals, police forces, and other institutions.
Globally, some 1,300 companies experienced ransomware attacks in 2020, according to a study from Emsisoft, an antivirus software firm. In the U.S., 2,354 schools, hospitals, and government entities were similarly targeted.
Earlier this week, for instance, a hacker group named Babuk that had infiltrated the D.C. Police Department’s computers began releasing personnel files of individual officers, and said that it would publish information on sensitive investigations and informants unless the district government paid it a ransom. Such a slow increase in pressure is a common feature of a ransomware attack.
Critical infrastructure such as pipelines, electrical grids, and water treatment plants may be particularly vulnerable to ransomware.
For them the stakes involved in an attack may be high. Imagine hackers gaining control of a water plant and remotely increasing the percentage of chlorine added to the water – an attack successfully simulated by Georgia Institute of Technology researchers, according to the DNI ransomware report. And many infrastructure computer systems are patchworks created over years, by institutions that did not sufficiently invest in cyber defense.
“Broadly, we have found in a lot of infrastructure that didn’t feel the pressure of criminal behavior 10 or 15 years ago, they did not make that investment. And that’s why we’re vulnerable today,” says Mr. Montgomery of the Cyberspace Solarium Commission.
The Justice Department has formed a task force to try to stop the growing ransomware trend. The point is to develop a strategy to attack the entire ecosystem that allows ransomware groups to thrive. That means identifying links between national governments and ransomware groups, prosecuting those responsible, and curbing services that support the crime, such as online forums where ransomware providers advertise their services.
President Biden also issued an executive order Wednesday, planned since early in his administration, to implement new digital safety standards in the federal government. The order also aims to remove barriers to information-sharing between government and the private sector, improve the security of software supply chains, and standardize the response to cyber incidents.
“While we expect companies to secure their infrastructure, these continued breaches only reinforce the need for a cohesive and cooperative partnership between the government and private companies that operate our nation’s critical infrastructure,” said Sen. Mark Warner, Democrat of Virginia and co-chair of the bipartisan Senate Cybersecurity Caucus, in an email to the Monitor.
“There’s been various discussions on the Hill regarding mandatory breach notification,” said a senior administration official in a press call discussing the executive order. “It’s hard to learn from each incident and ensure that broadly government and companies have information to protect themselves. So we’ve pushed the authority as far as we could and said anybody doing business with the U.S. government will have to share incidents so that we can use that information to protect Americans more broadly.”