The myriad weaknesses of the nation’s energy infrastructure were laid bare last week after a ransomware attack halted the flow of nearly half of the East Coast’s supply of gas. Such a demonstration was likely not surprising to cybersecurity professionals, however, who have been sounding the alarm on the vulnerability of national infrastructure for years.
A ransomware attack on Colonial Pipeline, the East Coast’s largest gas pipeline operator, brought the transportation of gas to a halt and demonstrated the power of cybercriminals to bring nation states to their knees. The FBI issued a statement confirming that the compromise resulted from an attack by the DarkSide ransomware group, a criminal cartel allegedly based out of Russia.
DarkSide operates on a so-called “ransomware-as-a-service” model, in which affiliate hackers deploy the ransomware to extort money from victims and then kick back a share of the proceeds to the developers of the ransomware, who in return develop more potent tools, according to NPR.
Colonial Pipeline operates a 5,500-mile pipeline network that stretches from Houston, TX to Linden, NJ, and carries 45 percent of the East Coast’s supply of gas, totaling some 2.5 million barrels a day. The entirety of that network was briefly shut down following the attack, and the main pipeline continues to be out of service.
The company issued a press release stating that it preemptively took some systems offline on May 7, which temporarily halted all pipeline operations and raised fears that summer gas prices would zoom upward.
“Segments of our pipeline are being brought back online in a stepwise fashion, in compliance with relevant federal regulations and in close consultation with the Department of Energy, which is leading and coordinating the Federal Government’s response,” the company said.
“While this situation remains fluid and continues to evolve, the Colonial operations team is executing a plan that involves an incremental process that will facilitate a return to service in a phased approach. This plan is based on a number of factors with safety and compliance driving our operational decisions, and the goal of substantially restoring operational service by the end of the week.”
In a briefing at the White House covered by the Associated Press, President Biden stated that there is currently no evidence to suggest that the criminals are associated with the Russian government, but that Russia would need to render assistance to the U.S. in rooting them out.
“I’m going to be meeting with President Putin,” Biden said. “So far there is no evidence based on, from our intelligence people, that Russia is involved. Although there is evidence that the actors, the ransomware, is in Russia.”
“They have some responsibility to deal with this,” Biden added.
Roughly 100 gigabytes of data were taken hostage, per the BBC, and it is currently unclear if Colonial Pipeline paid the ransom.
What is clear is that the companies managing America’s vital infrastructure are sorely lacking the security measures they need to adequately combat attacks from bad actors.
This is not a new problem, however. Indeed, the U.S. has generally failed to keep up with even the most basic efforts to secure and protect its energy infrastructure, a fact that cybersecurity professionals have been pointing out for years.
Five years ago, RedTeam Security made headlines by posting videos of their team infiltrating the physical premises of energy sites and uploading simulated malware. Oftentimes, the only security they found preventing them from physically entering vital national infrastructure was a locked door. Sometimes, the door wasn’t even locked.
What is obvious in the wake of the Colonial Pipeline attack is that both the private sector and the government have failed to implement the necessary procedures and technologies to keep the nation safe. It’s past time that the grid was fortified against attack and given all the protection befitting the lifeblood of the American nation.