Arkansas Democrat-Gazette

Hacked pipeline said to restart by weekend

- Information for this article was contributed by Eric Tucker, Cathy Bussewitz, Alan Suderman of The Associated Press; by Eshe Nelson of The New York Times; and by Taylor Telford, Will Englund and Ellen Nakashima of The Washington Post.

Energy prices came well off their highs Monday afternoon after the operator of a major petroleum pipeline in the United States said it hoped to have the pipeline “substantially” restored by the end of the week.

The pipeline, which supplies oil and gas to much of the eastern United States, had been shut down over the weekend because of a cyberattack, and concerns about the supply of gasoline had lifted prices by as much as 4.2% earlier in the day and to their highest level since late 2018. By the end of Monday, the average U.S. price was $2.96.

The FBI and officials from the Biden administration identified the culprits as a gang of criminal hackers.

Colonial Pipeline halted operations last week after revealing a ransomware attack that it said had affected some of its systems.

Some 5,500 miles of the Colonial pipeline moves fuel from Gulf Coast refineries to customers in the southern and eastern United States. It says it transports 45% of the fuel consumed on the East Coast, reaching 50 million Americans and several major airports, including Hartsfield-Jackson in Atlanta.

On Monday, U.S. officials sought to soothe concerns about price spikes or damage to the economy by stressing that the fuel supply had so far not been disrupted, and the company said it was working toward “substantially restoring operational service” by the weekend.

“Right now, there is not a supply shortage. We are providing for multiple contingencies because that’s our job,” Homeland Security Adviser Liz Sherwood-Randall said at a White House news briefing. In bringing the pipeline back online, she said, safety has to be a priority given that the company had never before taken down the entire pipeline.

It’s unlikely the shutdown will translate to major shortages or price increases, but it could have some regional effects in the Southeast if repairs drag on, said Patrick De Haan, head of petroleum analysis at Gas Buddy. Panic-buying will “prolong outages and price spikes,” he warned.

The attack underscored the vulnerabilities of the nation’s energy sector and other critical industries whose infrastructure is largely privately owned. Ransomware attacks are typically carried out by criminal hackers who scramble data, paralyzing victim networks, and demand large payments to decrypt it.

The Colonial attack was a potent reminder of the real-world implications of the burgeoning threat. Even as the Biden administration works to confront organized hacking campaigns sponsored by foreign governments, it must still contend with difficult-to-prevent attacks from cybercriminals.

“We need to invest to safeguard our critical infrastructure,” President Joe Biden said Monday.

The Justice Department, meanwhile, has formed a ransomware task force designed for situations just like Colonial Pipeline, and the Energy Department on April 20 announced a 100-day initiative focused on protecting energy infrastructure from cyber threats. Similar actions are planned for other critical industries.

Despite that, the challenge facing the government and the private sector remains immense.

In this case, the FBI moved with unusual speed to pinpoint blame, saying the criminal syndicate whose ransomware was used in the attack is named DarkSide. The group’s members are Russian speakers, and the syndicate’s malware is coded not to attack networks using Russian-language keyboards.

Anne Neuberger, the White House deputy national security adviser for cyber and emerging technology, said at a briefing that the group emerged just months ago. She said its business model is to demand ransom payments from victims and then split the proceeds, relying on what she said was a “new and very troubling variant.”

She declined to say if Colonial Pipeline had paid any ransom, and the company has not given any indication of that one way or the other. Though the FBI has historically discouraged victims from making payments for fear of promoting additional attacks, she acknowledged “the very difficult” situation that victims face and said the administration needs to look “thoughtfully at this area” of how best to deter ransomware.

Neuberger said the administration is committed to leveraging the government’s huge buying power to ensure that software makers make their products less vulnerable to hackers.

“Security can’t be an afterthought,” Neuberger said at a conference on national security Monday. “We don’t buy a car and only then decide if we want to pay for seatbelts and airbags.”

The U.S. sanctioned the Kremlin last month for a hack of federal government agencies that officials have linked to a military intelligence unit and described as an intelligence-gathering operation. In this case, though, the hackers are not known to be working at the behest of any foreign government.

HACKER STATEMENT

The group posted a statement on its dark web site describing itself as apolitical. “Our goal is to make money, and not creating problems for society,” DarkSide said.

Asked Monday whether Russia was involved, Biden said, “I’m going to be meeting with President [Vladimir] Putin, and so far there is no evidence based on, from our intelligence people, that Russia is involved, although there is evidence that the actors, ransomware, is in Russia.

“They have some responsibility to deal with this,” he added.

U.S. officials have sought to head off anxieties about the prospect of a lingering economic impact and disruption to the fuel supply, especially given Colonial Pipeline’s key role in transporting gasoline, jet fuel, diesel and other petroleum products through 10 states between Texas and New Jersey.

Colonial said Monday that it was evaluating the product inventory in storage tanks at its facilities. Administration officials stressed that the company proactively took some of its systems offline, as opposed to hackers doing it, and that its operating systems were spared.

TRANSPORT RULES LOOSENED

In response to the attack, the administration loosened regulations for the transport of petroleum products on highways as part of an “all-hands-on-deck” effort to avoid disruptions in the fuel supply.

The president also has the option of waiving the Jones Act, which requires ships to be built and flagged in the U.S. and crewed by American workers to transport goods between U.S. ports. Foreign-flagged tankers could help fill any gap caused by the pipeline’s crippling, either transporting fuel from the Gulf Coast to New York or from Europe.

Last year, the Cybersecurity and Infrastructure Security Agency warned pipeline operators about the threat of ransomware. The agency responded to a ransomware attack on a natural gas compression facility in which the attacker gained access to the corporate network and then pivoted to the operational network, where it encrypted data on various devices. As a result, the firm shut down operations for about two days, the agency said.

Colonial Pipeline poses specific issues in defending against cyberattacks, said Peter McNally, of the analytical firm Third Bridge.

“This pipeline has mixed both off the shelf and custom [technology] systems, which could complicate potential solutions to the current issue,” he wrote in a note. “There is a tremendous amount of technology involved in this operation, all the way from the inspection of the pipeline to the accounting and financial systems.”

(AP/Ted Shaffrey) Colonial Pipeline storage tanks are seen Monday in Woodbridge, N.J. The company’s pipeline has been halted since last week because of a ransomware attack.
