A cyber-attack was conducted on Friday the 7th of May 2021 against the Alpharetta-based Colonial Pipeline, which spans 5,500 miles from Houston to the Port of New York and New Jersey and meets 45% of the East Coast’s fuel needs. This was a ransomware attack and is believed to have been carried out by ‘Darkside’, a criminal hacker syndicate. The attack targeted the business side rather than the operational computer systems that directly run the pipelines themselves; however, the company has halted all pipeline operations as a precaution.
The Colonial Pipeline provides nearly half the gasoline, diesel and jet fuel used on the East Coast. The Georgia-based company said it shut down the pipelines as a precaution and has engaged a third-party cybersecurity firm to investigate the incident, which it confirmed was a ransomware attack. It first disclosed the shutdown late Friday and said it has also contacted law enforcement and other federal agencies.
With this major artery shut down, a shortage of heating oil, jet fuel, gasoline and diesel will soon hit the North East. Gas prices are already trending upward, and that’s with a temporary freeze. If the systems that run the pipeline do become compromised, the pipeline may be shut for weeks or even months.
The Department of Transportation has issued an emergency waiver for vehicular transport of fuels, but that’s no long-term solution, particularly when the administration has made clear such hacks are “here to stay.” The United States and its infrastructure will face more cyber-attacks, whether by rival nations or opportunistic criminals.
The attack is just the latest episode in which hackers have gone after critical systems such as water plants, oil refineries, chemical plants or the electric grid — including a notorious incident in which Russia shut off part of Ukraine’s power supply. It’s also part of a growing plague involving ransomware, in which hackers demanding payments have crippled targets such as hospitals, police stations or municipal governments.
Darkside does have unconfirmed Russian ties, and if Russia is directly or indirectly involved in the attack, it means that sanctions have been pointless against this kind of hostile activity.
Cyberwarfare is the warfare of right now. Some critics have pointed to the lack of cybersecurity funding in President Biden’s infrastructure plan. This problem is not one which can be solved solely through spending, but a separate and bipartisan bill is necessary to ensure America does not face worse attacks or lose its ability to retaliate.
National infrastructure projects should be developed with security in mind, and aging hardware and software should be replaced. All government agencies and government adjacent corporations must put each employee through training exercises, with serious penalties for noncompliance. America must not allow Chinese or Russian hackers to jeopardize our critical national infrastructure. All of this will cost money. Some spending is indisputably necessary.
Last year, a crack in Colonial’s pipeline that went undetected for days or weeks leaked 1.2 million gallons of gasoline in a nature preserve near Charlotte, N.C. And in February, hackers gained access to a water treatment facility’s computer system near Tampa, Fla., essentially attempting to poison the water supply with a huge influx of lye. Russian military hackers also targeted computer systems belonging to banks, energy firms, senior government officials and airports in Ukraine in June 2017 as part of the so-called “NotPetya” cyberattack. Federal prosecutors have accused Iranian hackers of trying to infiltrate the controls for a dam in upstate New York.
The Darkside group is a relatively new player in the ransomware space, but it has quickly gained a reputation for patience, competence, sophistication and large ransoms. “The Darkside ransomware attack campaigns stood out for their use of stealthy techniques, especially in the early stages,” according to the security firm Varonis, which investigated several Darkside breaches. “The group performed careful reconnaissance and took steps to ensure that their attack tools and techniques would evade detection on monitored devices and endpoints.”