Over the past several decades, industries, institutions, and infrastructure have relied more and more on technology to aid in their day-to-day operations. With this increasing reliance on ones and zeros comes the risk that they will be compromised by more and more cyber attacks. That risk was made more evident over the last few days, as supplies of gasoline tightened further in parts of the United States on Tuesday while the shutdown of the nation’s biggest fuel pipeline by hackers entered its fifth day.
The 5,500-mile Colonial Pipeline fuel system, which carries nearly half the fuel consumed along the U.S. East Coast, recently came under a ransomware attack that halted operations of this critical energy infrastructure. While it is still too early to determine just how catastrophic an impact this attack will have, the pipeline shutdown will reduce fuel availability in the short term and increase prices, and it is forcing refiners to cut production because they have no way to ship the gas.
This ransomware attack on Colonial Pipeline is a stark reminder of the need for more robust cybersecurity in protecting vital infrastructure. The FBI believes the group responsible, a professional cybercriminal group called DarkSide, is based out of Russia or somewhere in Eastern Europe. However, the FBI and President Biden both believe that this has nothing to do with Putin’s government as the evidence points to them just being digital extortionists.
A statement released by the group appears to back up that assumption, as it stated the group’s intentions: “Our goal is to make money, and not creating problems for society.” Experts say that the ransomware they used avoids targeting computers that use languages from former Soviet republics, which points in that direction, but that it was not using sophisticated code, describing it as “pretty standard ransomware.”
Ransomware is nothing new for these sorts of cybercriminals. It is a type of malware designed to lock computers by encrypting data and demanding payment to regain access. In most cases, failure to pay the hackers results in sensitive information being made public. It is unknown how much money the hackers are seeking, as Colonial has not yet disclosed the amount or whether it intends to pay it. The Biden administration was also quick to say that it is debating whether to advise Colonial, a privately owned company, on whether it should pay the ransom or not.
Regardless, this attack is one of the most disruptive digital ransom schemes reported (the hackers took more than 100 gigabytes of data) and has reignited the debate over poor cybersecurity. Cybersecurity experts have long warned the government and private companies that they are woefully unprepared to adequately protect US critical energy infrastructure. The Transportation Security Administration (TSA) has developed security guidelines for pipeline operators, but they remain voluntary.
However, pipeline operators have long expressed their concerns about mandatory cybersecurity rules, and moving pipeline security oversight outside of the TSA, which is part of the US Department of Homeland Security, could create even more issues if it subjects pipelines to overlapping standards. The Association of Oil Pipelines has already stated that it will wait until the conclusion of any investigations before sitting down to discuss beefing up cybersecurity. The Interstate Natural Gas Association of America (INGAA) has also expressed interest in working with federal authorities to strengthen cybersecurity.
The federal government is taking some steps to encourage companies to harden their systems against attacks, and President Biden has insisted that his administration is taking this attack very seriously, arguing that his $2.3 trillion infrastructure plan would offer funds to help “safeguard” critical infrastructure. Whatever the outcome, this latest attack highlights not only that there are massive holes in cybersecurity with regard to the country’s infrastructure, but also that something desperately needs to be done to combat the rise of increasingly professionalized groups of digital extortionists.