Colonial Pipeline Company discovered Friday it had fallen victim to a ransomware cyberattack that subsequently disrupted business and forced the operator to take certain systems of the domestic pipeline offline. As a result, all pipeline operations were suspended, and a portion of the company’s IT system was impacted.
While these types of attacks typically involve hackers trying to steal data and demand a large sum of money to return it, the Colonial Pipeline breach has emerged as an attack on the critical energy infrastructure of the United States. This particular pipeline is a key component, as it transports over 100 million gallons of product over a distance of 5,500 miles connecting Texas and New Jersey.
In an attempt to assess the situation and investigate the breach, Colonial Pipeline sought the assistance of a private cybersecurity firm. FireEye Mandiant was selected to provide insight and direction moving forward. As it sought to restore normal operations, the pipeline operator emphasized that safety and efficiency were key factors in the process.
“Upon learning of the issue, a leading, third-party cybersecurity firm was engaged, and they have already launched an investigation into the nature and scope of this incident, which is ongoing,” Colonial Pipeline said in a statement. “We have contacted law enforcement and other federal agencies.”
Identifying the Suspect
According to a former senior cyber expert, the criminal group DarkSide, which got its start in Russia, is suspected to be responsible for the Colonial Pipeline attack. Touting an image of stealing from the rich and giving to the poor, the organization previously published a press release indicating it would refrain from targeting hospitals, schools, non-profits, or the governmental sector.
The group has gained substantial attention in the past. Kaspersky, a cybersecurity company, noted the organization’s cunning, pointing to its professionally presented website and its attempts to partner with the media and decryption firms.
“The federal government is working actively to assess the implications of this incident, avoid disruption to supply, and help the company restore pipeline operations as quickly as possible,” said a White House spokesperson as President Biden was informed of the incident on Saturday.
While the FBI is responsible for cyberattack incident investigations, the Colonial Pipeline breach falls to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency because the pipeline itself is a component of domestic infrastructure.
“This underscores the threat that ransomware poses to organizations regardless of size or sector. We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats,” said Eric Goldstein, the CISA Executive Assistant Director of the Cybersecurity Division.
In response to the incident, the House Homeland Security Committee participated in a ransomware hearing that ran through the entirety of last week. Representative Yvette Clarke indicated she would soon announce the “State and Local Cyber Security Improvement Act.” The specifics include $500 million in cyber grants to state, local, territorial and tribal governments. The identified goals involve strengthening cybersecurity and preventing ransomware attacks.
According to cbsnews.com, the recent Colonial Pipeline attack surfaced after the Biden administration imposed a plethora of sanctions against Russia in response to recent meddling that included the SolarWinds cyber espionage campaign. According to CISA, the SolarWinds intrusion gave cybercriminals clear passage to 18,000 government and private computer networks. A small number of the total were actual targets of espionage.
No matter the event or fault, the Biden administration has been called on the carpet by cybersecurity experts. Their concern is the continuous threat, and they are requesting that the national digital infrastructure be fortified.
“It’s clear that we’re in the midst of a new normal of cyber-enabled malicious activity. The status quo costs American businesses and government agencies hundreds of billions of dollars a year in lost productivity, fraud, and disrupted operations,” said former CISA director Christopher Krebs and Matthew Masterson, former CISA cybersecurity advisor, in an April op-ed in The Hill. “Congress needs to pass a comprehensive digital infrastructure investment bill that authorizes and funds grants to state and local agencies to modernize their technology platforms and obtain the support they need to manage those systems and safeguard against cyber attacks like ransomware.”
Previous Pipeline Shutdowns
Colonial Pipeline delivers gasoline, jet fuel, diesel, and other refined products from Gulf Coast refineries to customers based throughout the southern and eastern portions of the country. Any disruption can result in increased prices at the pump. Due to various events, the pipeline was shut in at different times over the past 20 years.
- October 2002: Hurricane Lili
- September 2002: Hurricane Gustav
- December 2004: Maintenance Prompts Emergency Work
- August 2005: Hurricane Katrina
- May 2007: Gasoline Section Replaced
- September 2008: Hurricane Ike
- August 2011: Earthquake
- December 2011: Leak in Alabama
- October 2012: Super Storm Sandy
- December 2012: Repair Failure
- June 2013: Valve Issue
- October 2014: On-Site Inspection Raised Issue
- November 2014: Block Valve Issue
- April 2015: South Carolina Breach
- September 2015: Leak in Virginia
- November 2015: Integrity Issue
- January 2016: System Issue
- April 2016: Integrity Problem
- September 2016: Alabama Leak
- October 2016: Alabama Explosion
- January 2017: Nashville Leak
- August 2017: Hurricane Harvey
- March 2018: Potential Leak
- April 2018: Potential Integrity Issue
- May 2018: Issue Caused Precautionary Shutdown
- October 2018: Hurricane Michael
- April 2019: Product Release Report
- August 2020: System Issue
- October 2020: Hurricane Delta
While previous shutdowns were due to Mother Nature and environmental concerns, this latest attempt made against the pipeline appears to be the first of its kind. With the current state of affairs, the country waits with price increases and supply shortages looming in the near future. Progress will be tracked and assessed as the world waits for a solution and a return to business as usual.
Nick Vaccaro is a freelance writer and photographer. Besides providing technical writing services, he is an HSE consultant in the oil and gas industry with eight years of experience. He also contributes to Louisiana Sportsman Magazine and follows and photographs American Kennel Club field and herding trials. Nick has a BA in Photojournalism from Loyola University and resides in the New Orleans area.