“This was not a minor goal,” said Amy Myers Jaffe, a longtime energy researcher and author of Energy’s Digital Future. “Colonial Pipeline is ultimately the carotid artery of the US pipeline system. It is the most significant and successful attack on the energy infrastructure that we know of in the USA. We’re lucky if there are no consequences, but it’s definitely an alarm bell.”
The Cybersecurity and Infrastructure Security Agency believes the intrusion is the work of the ransomware criminal gang known as Darkside, and not a nation-state, according to a security researcher who asked for anonymity to speak freely. CISA did not immediately respond to a request for comment.
Senator Ben Sasse (R-Neb.) said the attack was the latest indication that the government was unprepared for potentially crippling cyber strikes.
“Of course there is still a lot to learn about how this attack happened, but we can be sure of two things: this is a play that will be performed again and we are not adequately prepared,” Sasse said in a statement. “If Congress takes an infrastructure package seriously, the hardening of these critical sectors should be in the foreground – and not a progressive wish list disguised as infrastructure.”
According to market analysts, fuel imports into the New York port should cushion the blow for drivers in Baltimore and the north. However, if Colonial stays down beyond the start of next week, drivers could start hoarding fuel and prices will rise dramatically even before the normal start of the summer driving season, when prices typically go up.
“Colonial delivers products to terminals every five days,” said Andy Lipow, president of consulting firm Lipow Oil Associates. “There may be some terminals that have been dependent on deliveries yesterday, today, or tomorrow and are immediately affected. However, in four to five days you will see widespread signs of impact, especially if consumers get wind of what is going on and start filling up their cars.”
Colonial said it was working to restore service and return to normal operations. The company said in a statement that it has “proactively taken certain systems offline to contain the threat that has temporarily halted all pipeline operations and affected some of our IT systems.”
The security researcher said the company Colonial hired to help with the response was FireEye, the same firm that discovered the massive SolarWinds hack against federal agencies and about 100 companies last year.
The Federal Energy Regulatory Commission said it was working with other federal agencies to monitor developments related to the cyberattack. The FBI and the Department of Energy could not be reached immediately for comment.
Improving cybersecurity in the energy sector has been a key task for several federal agencies. Last month, the DOE and CISA launched an initiative to work with operators of industrial control systems in the electricity sector and improve cybersecurity detection.
The Colonial Pipeline is the largest refined product pipeline in the United States. It carries 2.5 million barrels a day and about 45 percent of all fuel consumed on the east coast, including gasoline, diesel, jet fuel and heating oil.
The pipeline attack could be a litmus test for the entire cyber strategy of the Biden administration, which is slowly taking shape. So far, officials have been keen to use sanctions and charges to respond to major incidents, as evidenced by President Joe Biden’s order last month in response to SolarWinds’ cyber espionage campaign. And the latest development has the potential to put more pressure on the Biden administration and lawmakers as they debate adding cybersecurity funding to the government’s $2 trillion infrastructure proposal.
Last year, a crack in the pipeline that went undetected for days or weeks spilled 1.2 million gallons of gasoline in a wildlife sanctuary near Charlotte, NC. And in February, hackers gained access to a computer system at a water treatment plant near Tampa, Florida, and tried to increase the amount of sodium hydroxide, or lye, in the water. Russian military hackers also targeted computer systems belonging to banks, energy companies, senior government officials and airports in Ukraine in June 2017 as part of the so-called “NotPetya” cyberattack.
The Darkside group is a relatively new player in the ransomware space, but they have quickly made a name for themselves for patience, expertise, sophistication, and large ransom amounts.
“The Darkside ransomware attack campaigns were characterized by the use of stealthy techniques, especially in the early stages,” according to security firm Varonis, which has investigated multiple Darkside breaches. “The group conducted a thorough investigation and took steps to ensure that their attack tools and techniques escape detection on monitored devices and endpoints.
“The group has claimed it targets large corporations that can afford to make heavy ransom payments rather than schools, hospitals and other financially troubled but increasingly targeted organizations,” said Varonis.
Sam Sabin and Eric Geller contributed to this report.