U.S. Pipeline Cyberattack Underscores Infrastructure Vulnerability

Colonial Pipeline, with a network that transports fuel from the U.S. Gulf Coast to the East Coast, announced Saturday that a ransomware attack has resulted in a shutdown of its pipelines. According to the Associated Press (AP), Colonial Pipeline supplies approximately 45 percent of the fuel consumed on the East Coast. As of Monday morning, the company’s pipelines remain almost entirely shutdown.

Colonial Pipeline was racing to restart the largest refined-products pipeline in the U.S. after a cyberattack forced the company to shut it down #WSJWhatsNow pic.twitter.com/g6WB5Uz1Er

— The Wall Street Journal (@WSJ) May 10, 2021

“The Colonial Pipeline operations team is developing a system restart plan. While our mainlines (Lines 1, 2, 3, and 4) remain offline, some smaller lateral lines between terminals and delivery points are now operational,” the company’s statement said. “We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations.”

The ongoing incident underscores the danger associated with protecting important infrastructure from cyberattacks. The U.S. Department of Homeland Security (DHS), the Federal Bureau of Investigation, and the Commerce Department are all involved and President Joe Biden was briefed on the situation. “Unfortunately, these sorts of attacks are becoming more frequent,” Commerce Secretary Gina Raimondo said in a television interview. “We have to work in partnership with business to secure networks to defend ourselves against these attacks.”

Eric Goldstein, the executive assistant director for cybersecurity at the DHS’s Cybersecurity & Infrastructure Security Agency issued a statement: “We are engaged with the company and our interagency partners regarding the situation. This underscores the threat that ransomware poses to organizations regardless of size or sector. We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”

In additional reporting, the AP said sources identified DarkSide as the attack perpetrator—a fact later confirmed by the FBI. DarkSide fashions itself as the Robin Hood cyber criminals. They publicize that they do not attack hospitals, nursing homes, educational institutions, or governments, and that they give a percentage of their ransomware intake to charity. Not much is publicly known about DarkSide, including where they operate, however, the AP reported “It has been active since August and, typical of the most potent ransomware gangs, is known to avoid targeting organizations in former Soviet bloc nations.” Sources also told the AP that in addition to holding data hostage, the criminals had stolen data as well.

FBI Statement on Compromise of Colonial Pipeline Networks https://t.co/XxHgezpref pic.twitter.com/McrRFOil64

— FBI (@FBI) May 10, 2021

It is unknown at this time if Colonial Pipeline has paid or is negotiating with DarkSide about the ransom. The extent of the invasion has also not been shared publicly. The New York Times reported it is not known if Colonial Pipeline shut down its operations to prevent further infiltration or if DarkSide was able to control the pipelines directly. Colonial Pipeline hired cybersecurity company FireEye, known for its response to the hack of Sony Pictures in 2014, to assist in its response.

There is a substantial inventory of oil and gas reserves along the East Coast, so the disruption has not had significant financial ramifications yet. A prolonged shutdown could be more problematic. “It’s a serious issue,” the Times reported Tom Kloza from the Oil Price Information Service said. “It could snarl things up because it is the country’s jugular aorta for moving fuel from the Gulf Coast up to New York.”

The U.S. Department of Transportation issued an emergency declaration that eases restrictions on the motor transport of petroleum products related to the pipeline incident. The declaration covers a wide swath of states from Texas through the Southern states and up to New York.

For several weeks the Biden Administration has been drafting an executive order designed to bolster the cybersecurity of federal agencies and contractors. The order would call for the development of standards that agencies and contractors must follow, plus requiring agencies to restrict access granted to software vendors. It would also require that any vendor working with the federal government report any software vulnerabilities discovered in its products. It also would establish a cybersecurity incident review board.

Another New York Times article reported that it is not yet known if the executive order being drafted would be sufficiently broad to include private infrastructure companies such as Colonial Pipeline. However, the article said, “efforts to regulate minimum cybersecurity standards for companies that oversee critical systems have repeatedly failed, most notably in 2012, when lobbyists killed such an effort in Congress, arguing that the standards would be too expensive and too onerous for businesses.”