On May 7, the Colonial Pipeline was subjected to a cyber attack. This resulted in one of the nation’s largest pipelines being shut down for five days, causing gas shortages along the Eastern Seaboard. While there has been a string of serious hacking incidents in recent months, this one stands out because it affected critical infrastructure. It is without doubt the worst known cyber attack against U.S. infrastructure so far.
The Colonial Pipeline runs 5,500 miles from Houston to New York. It is responsible for 45 percent of the East Coast’s fuel, normally supplying three million barrels of gasoline, diesel and jet fuel a day. This is obviously a vital artery in America’s energy infrastructure so the fact that hackers managed to breach its systems is a pretty big deal.
The hackers conducted a ransomware attack, where the intruder will block access to data or computer systems until paid a ransom. Ransomware has become an increasingly serious problem in recent years, especially now that cryptocurrencies like Bitcoin allow criminals to receive payments in transactions that are difficult to track. In the case of Colonial Pipeline, the hackers reportedly stole 100 GB worth of data. Colonial reportedly paid nearly $5 million in crypto to the ransomers.
The perpetrators are a group known as DarkSide, an extortion group that is believed to originate from Eastern Europe. According to President Biden, the hackers likely live in Russia but are not affiliated with the Russian government. DarkSide claims that it was motivated solely by financial gain and did not intend to cause disruption. “We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives,” read a statement from DarkSide. “Our goal is to make money, and not creating problems for society.” The group has also pledged to be more careful about picking its targets in the future.
The fact that Colonial’s business computer systems were breached, not the operational network, indicates that DarkSide is being honest about its motives. In fact, the pipeline was not taken offline by the hackers but rather by Colonial itself, as a proactive measure to contain the threat.
Regardless of DarkSide’s intentions, the result has been very disruptive for the southeastern United States. More than 60 percent of gas stations in North Carolina are without fuel, as are over 40 percent of the stations in Georgia and South Carolina. Panic buying has led to long lines and physical fights at the pump. Some people have even filled plastic bags with gasoline, prompting officials to issue warnings against doing so. The pipeline began to resume operations on Wednesday, but it will be some time before things return to normal.
The Biden administration has responded by waiving certain regulations in order to deliver fuel to affected regions, such as highway weight restrictions and the Jones Act. An emergency declaration has also been issued in 17 states and DC. President Biden has urged the public to stay calm and warned against price gouging. The President has also not ruled out retaliatory cyber attacks against the hackers, and the Justice Department has created a task force to prosecute them to the fullest extent of the law.
Transportation Secretary Pete Buttigieg has called the attack a “wake-up call.” He’s right. Texas in particular needs to take cybersecurity very seriously given its extensive energy infrastructure, infrastructure that was just proven vulnerable. Future attacks could target not just pipelines but refineries as well. Dealing with cyber threats will not just require a whole-of-government response but significant effort from the private sector as well. There’s no one silver bullet; a multitude of improvements will be needed to secure the United States’ critical infrastructure. These could range from technological solutions like formal methods to policy reforms like a cyber NATO. Biden’s infrastructure bill might be a good place to start implementing the necessary changes.
The Colonial Pipeline attack should serve as a warning that clear and present dangers exist in cyberspace, an area where norms and policies have struggled to keep up with the threat. While this incident appears to have been a group of criminals accidentally creating disruptions, cyber attacks could also come from terrorist groups or adversarial nation-states that actually intend to cause physical harm. As the world becomes more networked and technologies like artificial intelligence advance, an already complex threat environment will only grow more so. Welcome to a dangerous new world.