Pipeline cyberattack shows grid’s vulnerabilities
Operator says line will be back in service by end of week
A major fuel pipeline that was shut down after a brazen cyberattack probably will come back online by week’s end, officials said Monday, as security experts warned the nation must take more seriously persistent vulnerabilities in America’s aging energy infrastructure.
The Colonial Pipeline running from Houston to New Jersey, supplying the East Coast with 45 percent of its fuel, was taken offline Friday after a hacker group known as DarkSide threatened to expose private data unless the Georgia-based company paid a fee — known as a “ransomware” attack.
Several cybersecurity experts said the incident represents the biggest known cyberattack on U.S. energy infrastructure. On Monday, Biden administration officials sought to assuage fears that the attack could lead to price spikes, fuel shortages or panicked buying up and down the East Coast, and Colonial announced that it already restarted some service.
Yet like the Colonial pipeline, which is more than 40 years old, the country is full of “legacy assets” equipped with more recent digital technology “that’s been bolted on top,” said Lev Simonovich, a vice president at Siemens Energy specializing in security.
“As they get more connected, they also become more vulnerable,” he said.
Such “ransomware” attacks have become a global scourge, impacting banks, hospitals, universities and municipalities in recent years. Almost 2,400 organizations in the United States were victimized last year alone, one security firm reported. But the attackers are increasingly targeting industrial sectors because these firms are more willing to pay up to regain control of their systems, experts say.
Utilities, pipelines and refineries maintain a critical network of energy supply, without which the country would shut down, but they have become so much a part of Americans’ mental landscape that they typically go unnoticed, except during spectacular failures like the Texas freeze-up in February.
“The problem is real, it’s pretty widespread, and it’s going to take a systemic approach to address it,” Simonovich said.
The FBI is investigating the attack as a criminal matter and on Monday issued an official statement confirming DarkSide was responsible.
The Washington Post reported Saturday that federal officials believed DarkSide, a criminal ransomware group based in Eastern Europe, was behind the attack.
“So far there is no evidence from our intelligence people that Russia is involved,” President Joe Biden said Monday.
“Although there is some evidence that the actors’ ransomware is in Russia. They have some responsibility to deal with this.”
A White House task force formed to deal with the attack and the Department of Transportation temporarily relaxed rules to allow greater flexibility on fuel transport.
Fuel price futures climbed more than 1 percent in anticipation of a possible shortage, but as of Monday, the average price for a gallon of gas was still $2.96, according to AAA.
Some 5,500 miles of Colonial pipeline move fuel from Gulf Coast refineries to customers in the southern and eastern United States. The company says the pipeline reaches 50 million Americans and several major airports, including Hartsfield-Jackson in Atlanta.
On Monday, Colonial Pipeline said that maintaining the pipeline’s operational security and getting systems safely back online were its highest priorities.
In April the Biden administration launched a 100-day plan to improve cybersecurity in the electric grid, which Lee McKnight, associate professor at Syracuse University’s School of Information Studies, said was way too optimistic.
“Even if better than nothing, the idea that there is a 100-day fix is just not realistic,” he wrote in an email.
One problem, said Marty Edwards, vice president of operational technology for Tenable, a cybersecurity firm, and a former senior DHS cyber official, is that there’s no downtime for energy technology, and that makes it difficult to update its software to protect against hacks.