By Irina Slav
Last Friday, a cyberattack prompted the shutdown of the biggest piece of energy infrastructure in the United States, the Colonial Pipeline system that supplies almost half of the gasoline and diesel that the East Coast consumes.
The attack naturally led to higher gasoline prices and a run on gas as drivers worried about looming shortages while Colonial Pipeline Co. worked to restart the flow of fuels.
Yet the higher prices at the pump and a possible shortage of fuel supplies are the smaller problem. It is, after all, temporary, and its effect will be transient. But there is a bigger problem, and it concerns the energy infrastructure of the United States: exactly how secure is it?
As the attack suggests, not very. True, experts said early on that the group that carried out the attack was made up of seasoned hackers. Later, a ransomware group called DarkSide took responsibility for the attack, and the FBI also pointed at the group as the culprit.
Here’s what DarkSide said in its statement: “We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives. Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
The statement clearly seeks to address allegations that Russia was behind the attack, but even the White House was careful not to point its finger at Moscow, with President Biden saying there was no evidence that it was involved in the attack. That deals with the geopolitical motive, but the statement also suggests that DarkSide and their partners will not stop, even if they did not mean to cause problems. And willingly or not, they are going to cause problems.
“Colonial may be at risk of confidential shipper (customer) data being leaked,” says Vicki Knott, chief executive of CruxOCM, a provider of control room operations services for the oil and gas industry.
“Shipping toll information is public; however, depending on the contract structure Colonial has with its customers, there are likely nuances between customers with respect to guaranteed volumes to be moved and spot volume prices/movements. If leaked, it could result in a confidentiality breach and impact the competitive process between customers – which can further result in a major lawsuit from customers.”
But lawsuits from companies paying Colonial Pipeline Co. to ship their fuel are the least of the problems that cyberattacks on energy infrastructure could cause. According to Knott, a major safety or environmental disaster is a much bigger reason to worry about such attacks, should they target the control system of the pipeline.
That the attack was possible means that critical energy infrastructure is not very well protected against such breaches. And there’s worse: security experts are talking about a ransomware pandemic.
“Honestly, I think for anyone who’s been tracking ransomware closely, this really shouldn’t be a surprise,” according to Philip Reiner, chief executive of the Institute for Security and Technology, a nonprofit organization. “This is yet another example of what is really a ransomware pandemic that needs to be addressed at the highest level,” he told The Verge following the Colonial Pipeline attack.
If there’s talk about a pandemic, then things must be really serious: if ransomware attacks are so frequent, then it must be a miracle that disasters are not more frequent.
“The Colonial Pipeline cyber attack should be a wakeup call on Capitol Hill,” a Tufts University professor told Forbes’ David Blackmon. “We need to think holistically about security threats against America’s energy infrastructure — and implement smart policies that will reduce security threats across the entire energy system,” Rockford Weitz, director of the Fletcher Maritime Studies Program, said.
It should also be a wakeup call in company boardrooms, as DarkSide and its like target corporations and not governments. This wakeup call concerns the overall security of operations and data protection: issues that seem to be particularly serious in the energy industry.
“The Colonial Pipeline is yet another example of a ransomware attack on poorly protected corporate data, which has affected already exasperated issues within the energy sector,” says Sam Agyemang, co-founder of HaulerHub, a smart logistics platform for shippers and haulers. “As more and more American companies realize this is a threat that is not going away on its own, by updating systems and putting employee data in the hands of employees to manage this can greatly reduce the impact of cyber warfare.”
It seems, then, that the American energy infrastructure has some serious problems to solve. These problems just became a lot more urgent after the Colonial Pipeline outage, but this doesn’t mean they will get a quick solution. Security is a tricky business, and hackers are usually a step ahead, which makes it even trickier.
According to cybersecurity tech firm Cybereason, DarkSide just released a new version of their ransomware.