A shutdown that lasts longer than a few days could cause gasoline prices to rise above $3 a gallon in the southeastern United States, market analysts said. This could deepen the political risks the incident poses for Biden and fuel his efforts to focus the country’s energy agenda on promoting clean sources and tackling climate change.
That means a lot depends on how quickly Colonial can restart the pipelines – which in large part depends on whether the company’s cyber advisors can determine whether it is safe to do so.
“You will find out in the first 24 to 72 hours,” said Rob Lee, CEO of the cybersecurity company Dragos and an expert on the risks of industrial computer systems. He added that if the attack were limited to Colonial’s business computer systems, “I think it will be relatively short-lived.”
Even so, the attack is only the most recent episode in which hackers tracked critical systems such as water facilities, oil refineries, chemical plants or the power grid – including an infamous incident in which Russia cut off part of Ukraine’s electricity supply. It’s also part of a growing ransomware plague, where hackers demanding payment have crippled targets like hospitals, police stations, or local governments.
This could be the worst successful attack the US has faced to date.
“This was not a minor goal,” said Amy Myers Jaffe, a longtime energy researcher and author of Energy’s Digital Future. “Colonial Pipeline is ultimately the carotid artery of the US pipeline system. It is the most significant and successful attack on the energy infrastructure that we know of in the USA. We’re lucky if there are no consequences, but it’s definitely an alarm bell.”
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency believes the intrusion is the work of the ransomware criminal gang known as Darkside, and not a nation-state, according to a security researcher who asked for anonymity to speak freely. Agencies like the FBI, the Department of Energy, the Federal Energy Regulatory Commission and the Transportation Security Administration also responded to the incident, while lawmakers on committees like Senate Homeland and House Intelligence have asked for information.
CISA, which has lacked a permanent boss since President Donald Trump fired the last one in November, said in a statement Saturday that it is “working” with Colonial and other federal agencies to address the incident. “We encourage every organization to take steps to strengthen their stance on cybersecurity and reduce exposure to these types of threats,” said Eric Goldstein, associate general manager of the agency’s cybersecurity division.
Biden last month appointed national security veterans to run both CISA and a newly created White House office to lead the president’s cyber strategy and oversee the agencies’ digital security. POLITICO previously reported complaints from some lawmakers that Biden was slow to fill the latter role.
Senator Ben Sasse (R-Neb.) said Saturday the attack was the latest indication that the government was unwilling to potentially weaken cyber strikes.
“There is of course still a lot to learn about how this attack happened, but we can be sure of two things: this is a play that will be performed again and we are not adequately prepared,” Sasse said in a statement. “If Congress takes an infrastructure package seriously, the hardening of these critical sectors should be in the foreground – and not a progressive wish list that disguises itself as infrastructure.”
The government agency with direct responsibility for pipeline cybersecurity is TSA, which has been criticized by auditors for being understaffed and unprepared for the job.
Senator Ed Markey (D-Ma.) said the federal government had long neglected to pay due attention to pipeline safety, referring to a report from the US Government Accountability Office that said the TSA still had only six full-time pipeline security staff in 2019.
“While we need more information about the circumstances that enabled the cyberattack on the Colonial Pipeline, we cannot ignore the long-standing inadequacies that enabled and enabled cyber intrusion into our critical infrastructure,” he said in a statement.
The FBI and FERC also said they are working with other federal agencies to monitor developments related to the cyberattack, while the Department of Energy said it is working with states and the energy sector to monitor possible fuel shortages. The Pipeline and Hazardous Materials Safety Administration, the division of the Department of Transportation that investigates pipeline accidents and clears for restart after shutdown, did not immediately answer questions.
According to market analysts, fuel imports into the New York port should cushion the blow for drivers in Baltimore and in places to the north. However, if Colonial stays offline past the start of next week, drivers could start hoarding fuel and prices will rise dramatically even before the normal start of the summer driving season, when prices typically go up.
“Colonial delivers products to terminals every five days,” said Andy Lipow, president of consulting firm Lipow Oil Associates. “There may be some terminals that have been dependent on deliveries yesterday, today, or tomorrow that are affected immediately. However, in four to five days you will see widespread signs of impact, especially if consumers get wind of what is going on and start filling up their cars.”
Colonial said it was working to restore service and return to normal operations. The company said in a statement that it has “proactively taken certain systems offline to contain the threat that has temporarily halted all pipeline operations and affected some of our IT systems.”
Mandiant, a division of cybersecurity firm FireEye, is investigating the Colonial breach, a FireEye spokesman confirmed in a statement to POLITICO. FireEye is the same company that found out last year that the federal government and about 100 companies were victims of the massive SolarWinds hacking campaign the US blamed Russia for.
Lee, the CEO of Dragos, said a key question was whether the ransomware attack directly infected not only Colonial’s business computers – called IT systems – but also the “operational” systems that run the pipelines. If so, he said, the attack could “be much more effective” and add “days or weeks” to the shutdown.
The Colonial incident underscores how cyberattacks can disrupt the country’s critical infrastructure without directly damaging that equipment. Infrastructure operators suffering from computer interference often close certain functions or facilities to prevent the problem from spreading further. In this way, what appears to be a minor breach of a payroll or email system can create cascading effects that cause companies to shut down manufacturing, power distribution, or other critical operations.
Improving cybersecurity in the energy sector has been a key task for several federal agencies. Last month, the DOE and CISA launched an initiative to work with the operation of industrial control systems in the electricity sector and improve cybersecurity detection.
The Colonial Pipeline is the largest refined product pipeline in the United States. It carries 2.5 million barrels a day and about 45 percent of all fuel consumed on the east coast, including gasoline, diesel, jet fuel and heating oil.
The pipeline attack could be a litmus test for the entire cyber strategy of the Biden government, which has been slowly evolving and has largely focused, at least in public, on responding to far-reaching Russian and Chinese cyber espionage campaigns while physical sabotage was neglected. So far, the government’s main tools have been sanctions and indictments, according to a regulation Biden issued last month in response to Russia’s SolarWinds cyber campaign.
The latest development has the potential to put more pressure on the Biden government and lawmakers as they debate adding cybersecurity funding to the $2 trillion government infrastructure proposal that was being scrutinized for lack of funding for these needs.
The country’s critical energy grids and other critical systems have faced a range of threats, including both cyberattacks and delayed maintenance.
Last year, a crack in the Colonial pipeline that went undetected for days or weeks leaked 1.2 million gallons of gasoline in a wildlife sanctuary near Charlotte, NC. In February, hackers essentially gained access to the computer system of a water treatment plant near Tampa, Fla., in an attempt to poison the water supply with a giant caustic solution. In June 2017, Russian military hackers also attacked computer systems of banks, energy companies, high-ranking government officials and airports in Ukraine as part of the so-called “NotPetya” cyber attack. Federal prosecutors have accused Iranian hackers of attempting to infiltrate controls on a dam in New York state.
The Darkside group is a relatively new player in the ransomware space, but they have quickly made a name for themselves for patience, competence, sophistication, and large ransom amounts.
“The Darkside ransomware attack campaigns were characterized by the use of stealthy techniques, especially in the early stages,” said Varonis security firm, which investigated several Darkside violations. “The group conducted a thorough investigation and took steps to ensure that their attack tools and techniques escape detection on monitored devices and endpoints.”
“The group has claimed it wanted to violate large corporations that can afford to make heavy ransom payments rather than schools, hospitals and other financially troubled but increasingly targeted organizations,” said Varonis.
The DHS has said it is trying to involve the entire private sector in the fight against ransomware by giving companies greater incentives to improve their cybersecurity. “If you think you’re invulnerable to a cyberattack … or are isolated from it, you’re probably putting a bigger target on your back,” DHS Secretary Alejandro Mayorkas said Wednesday during a US Chamber of Commerce event.
A TSA spokesman said late Saturday that the agency and CISA “will be working with the pipeline industry in the coming days to share information from this incident and provide support from our collective resources.”
Sam Sabin contributed to this report.