The Denver Post

We’re one attack away from a cyber disaster

By Timothy L. O’Brien

Timothy L. O’Brien is a senior columnist for Bloomberg Opinion.

Visit Colonial Pipeline’s corporate website and you’ll learn that the Alpharetta, Ga., energy company is “committed to EXCELLENCE” and that “safety, environmental stewardship, and first-class customer service” drive its operating philosophy.

What you won’t find — unless you navigate to the bottom of the home page and click on “News & Media” — is any mention that the company that operates the largest refined fuels pipeline in the U.S. was brought to its knees by computer hackers Friday. That’s understandable, because it’s likely that Colonial still doesn’t completely understand what hit it.

In a brief statement Saturday, Colonial said it learned the previous day that hackers were trying to extort it using ransomware. In response, the company shut down its pipeline and some information technology systems and hired cybersleuths to sort out the damage. It offered more of the same Sunday evening, while also disclosing that the Department of Energy had joined a federal law enforcement investigation of the attack. Other than noting that its main lines were still closed, Colonial didn’t offer much clarity about when it would be back in business (which has left oil traders on edge and scrambling for alternatives).

Companies have their reasons for going mum when hacked, of course. They’re worried about reputational damage. If publicly traded, they also fear possible negligence lawsuits from investors (Colonial is privately held). But in an era in which nation-states and roving freelancers alike have turned rival governments, corporations, schools and universities, hospitals, research labs, fire and police departments, and other institutions into digital piñatas, hunkering down only perpetuates the problem.

Colonial may be making the rounds as I write, spilling the beans about its hack to competitors in the energy industry and to outside investigators. I don’t imagine it is, though. During a Senate Intelligence Committee hearing in February about the massive SolarWinds Inc. burglary orchestrated by Russian operatives, Microsoft Corp.’s president, Brad Smith, and other corporate insiders said one of their biggest frustrations in battling cyberattacks is that information is scattered among private and public stakeholders who don’t freely share it with one another.

All of the bad reasons for holding onto information about a cyberattack — embarrassment, competitiveness, incompetence — only make it that much harder to prepare for the next one.

While the SolarWinds attack brought to the fore how sophisticated and aggressive countries such as Russia, China, North Korea and Iran are about waging cyberwarfare, the Colonial intrusion didn’t, apparently, involve state actors. It was the handiwork of a cybercrime gang called DarkSide, according to Bloomberg News. Many of these freelancers — including other ransomware operatives such as REvil, Maze and Ragnar Locker — may be state-sponsored anyhow, making such distinctions irrelevant.

Even so, DarkSide — if it was simply acting as an independent grifter — still pulled off an attack that shuttered a pipeline system traversing some 5,500 miles, according to Colonial. The company says it provides 45% of all fuel that the East Coast consumes and supplies 50 million Americans and the U.S. military with everything from gasoline and jet fuel to home heating oil and diesel. The shutdown has a whiff of the apocalyptic about it, and is the stuff that gives national security experts nightmares.

It is also the kind of action the U.S. has shied away from taking in response to state-sponsored attacks such as SolarWinds. Targeting transit lines and energy grids worries diplomats, the military and the national security community because it harms average citizens alongside corporate or government targets and can lead to escalations. Yet here we are. The Joe Biden administration, pressured in the wake of the SolarWinds attack to respond decisively to Russia, said it is examining the Colonial matter closely.

The hack is only the latest and most serious of many attacks directed at energy infrastructure worldwide.

As my colleague Liam Denning observed, the vulnerability of all energy networks is one of the top-drawer issues of the 21st century. But that vulnerability extends to almost all facets of our public, private, business and social lives now, given how dependent we are on digital networks and on how they knit us together globally.

Companies and the government should do a better job of insulating those networks by being transparent, communicative and proactive about threats. At some point, the wake-up calls will morph into unmanageable disasters.
