A cyberattack forced the temporary closure of one of the largest pipelines in the United States on Friday, underscoring already heightened concerns about vulnerabilities in the country’s critical infrastructure.
The operator, Colonial Pipeline, said Saturday that the incident involves ransomware.
The attack comes amid growing concerns about cybersecurity vulnerabilities in critical U.S. infrastructure after recent incidents, and after the Biden administration last month launched an effort to bolster cybersecurity in the country’s power grid, calling on industry leaders to install technologies that could thwart attacks on the electricity supply.
Colonial Pipeline, which transports more than 100 million gallons of gasoline and other fuels daily from Houston to New York Harbor, according to its website, said it learned of the cyberattack on Friday, causing it to pause operations.
“In response, we proactively disconnected certain systems to contain the threat, which has temporarily halted all pipeline operations and affected some of our IT systems,” the company said in a statement.
Colonial said it hired a third-party cybersecurity firm to launch an investigation into the “nature and scope of this incident” and contacted law enforcement and other federal agencies. A FireEye spokeswoman confirmed to CNN Saturday night that FireEye Mandiant had been hired to manage the investigation.
The U.S. Cybersecurity and Infrastructure Security Agency is “committed to the company and our interagency partners regarding the situation,” Eric Goldstein, deputy executive director of CISA’s cybersecurity division, said in a statement Saturday. “This underscores the threat that ransomware poses to organizations, regardless of size or sector,” he said. “We encourage all organizations to take steps to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”
President Joe Biden was briefed on the shutdown Saturday morning, a White House spokesman said.
“The federal government is actively working to assess the implications of this incident, avoid supply disruptions and help the company restore pipeline operations as quickly as possible,” the White House spokesman said.
A White House official said an analysis is underway to determine if supply could become a problem after the event. The White House is planning several scenarios, the official said, and is working with state and local authorities to determine what steps should be taken to help mitigate any potential impact on supply, if necessary.
Cybersecurity has been a major focus following two alarming incidents: the SolarWinds intrusion campaign by suspected Russian hackers that compromised nine U.S. agencies and dozens of private organizations, and the China-linked exploitation of Microsoft Exchange Server vulnerabilities that exposed tens of thousands of systems around the world, as well as a high-profile, albeit failed, cyberattack in Florida earlier this year that sought to compromise a water treatment plant.
Ransomware attacks have worsened over the years, with recent targets as varied as state and local governments, hospitals, and police departments. Ransomware is a type of malicious software that locks the victim’s computers and renders them unusable until the victim pays the attacker, often in Bitcoin.
A Department of Energy spokesperson said the department “is coordinating with Colonial Pipeline Company, the energy industry, states and interagency partners to provide situational awareness and support response efforts to this incident.” “The DOE is also working closely with energy sector coordination councils and energy information analysis and exchange centers, and is monitoring any potential impacts on energy supply,” the spokesperson said in a statement to CNN.
Colonial said Friday it is “taking steps to understand and resolve this problem.”
“Right now, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway, and we are working diligently to address this issue and minimize disruptions for our customers and those who rely on Colonial Pipeline,” the company said.
Colonial, founded in 1962, says it transports about 45% of all fuel consumed on the East Coast. The pipeline system, which stretches for more than 5,500 miles, has two main lines: one for gasoline and one for products such as diesel and jet fuel.
The company also had to shut down the pipeline in 2017 when Hurricane Harvey hit the Gulf Coast. The pipeline was shut down for 11 days in September 2016 because of an underground leak, and again in November 2016 because of a deadly fire that broke out along a section of the pipeline in Alabama.
Understanding and Analyzing the Incident
Undoubtedly, this news provoked all kinds of responses (analyses and opinions) from local, regional, and global communities. It is another major incident attributed to a cyberattack, and this time in the critical infrastructure of one of the “most advanced” countries, or rather, of the country that “spends the most money” on critical infrastructure cybersecurity. And this pipeline is certainly one of those infrastructures.
The incident has already happened. The Colonial Pipeline company, the entire supply chain, consumers, and the global community were shocked to receive the news. Consumers rushed to fuel stations to stock up, to the point that, according to the media, reserves were compromised.
Gas pipelines in the United States of America, and especially this one from Colonial Pipeline, have been considered critical infrastructure by DHS for many years. There are countless plans, regulations, audits, services, and contracts that both the government and Colonial Pipeline have devoted to the cybersecurity of this infrastructure.
After the incident, the President of the United States of America himself, through a presidential directive, reinforced the actions that must be carried out in the country’s critical infrastructure. All related companies will have to redouble the efforts that have already been made: greater budget, greater spending, greater controls, greater audits, and so on.
The incident was caused by a ransomware attack. There is no doubt about it. Those responsible demanded a ransom to restore the company’s computer systems. In the end, Colonial Pipeline accepted the criminals’ conditions and paid a sum of more than five million dollars.
Many Questions
There are and will be many questions and studies that will be published about this incident. Some of the questions we ask are:
- Ransomware is a known threat. What did they do to prevent it? Were they asleep?
- What are the responsible government agencies?
- How was so much money spent over the years on critical infrastructure security?
- What is the technical explanation of the incident?
- What happened to the selling price of the fuel?
- Was there disruption of other services?
- What were the first, second, and third-order effects?
- What were all the consequences of the incident?
- How did an attack on the company’s computer systems end up stopping production?
- What will happen to the insurance policies of the companies?
- Is bolstering security by doing more of the same going to mitigate industrial cyber risk?
- How should this problem be addressed?
- What is the government of the United States of America doing wrong?
- What is Colonial Pipeline doing wrong?
- What did the companies that provided the industrial cybersecurity services to Colonial Pipeline do? What do they say about it?
- Can this and similar types of threats be avoided? How?
- Was the reaction of the media the right one?
- Was the reaction of the population the right one?
- Is the new directive of the President of the United States of America the right one?
- Did they do well to pay the ransom?
- Will those responsible be caught?
- How does it affect other countries?
Source: Link