Ransomware strike closes down major U.S. pipeline: Colonial Pipeline delivers 45% of the fuel consumed on the East Coast.

Aswini Kumar and Thuong Nguyen



Earlier last month, the Colonial Pipeline Company in Linden, New Jersey, which provides the primary source of gasoline, diesel, and jet fuel for half of the U.S. East Coast, became the victim of a ransomware cyberattack by a group identified as DarkSide, located in Eastern Europe, possibly Russia. With some of its information technology systems affected, the company “proactively” took certain systems offline, which shut down all pipeline operations. However, the attack is unlikely to affect gasoline supply and prices unless it leads to an extended suspension of the pipeline, experts said. The shutdown comes at a time when energy prices have already been rising as the economy reopens further and pandemic restrictions are lifted.

Shortly after this attack, the company paid nearly $5 million to Eastern European hackers last Friday, contradicting its original intention of not paying an extortion fee to restart its pipeline systems. Although some discourage organizations from paying ransom to hackers, because there is no guarantee the hackers will keep their commitment to unlock files and because payment could be an incentive to other hackers, others say victims have to pay if their data is encrypted and the company does not have backups and cannot recover the data. Ransomware attacks use malicious software, spread over networks, that encrypts data and leaves machines locked until the victims pay the extortion fee. Normally, critical infrastructure companies in the energy and electricity industries also tend to have invested more in cybersecurity than other sectors. If Colonial’s halt was precautionary, and the company spotted the ransomware attack early and was well prepared, the effect might not be profound.

This kind of incident underscores the vulnerability of critical infrastructure to destructive cyberattacks that threaten to hinder operations. It poses a new challenge for an administration still handling its response to major hacks from months ago, including a vast breach of vital government agencies and corporations for which the U.S. sanctioned Russia last month. These incidents also bolster the White House’s plans to increase the security of utilities and their suppliers, given pipelines’ central role in many parts of the U.S. economy. The latest intrusion could be a rational reason for the GOP to agree to Biden’s infrastructure spending package, and for Congress to pass it as soon as possible, because the U.S. has been vulnerable to cyberattack.


The Biden administration announced a 100-day initiative in April, embarking on a new effort to help electric utilities, water districts, and other critical industries protect against potentially destructive cyberattacks. The initiative aims to ensure that control systems serving 50,000 or more Americans have the core technology to detect and block malicious cyber activity. It comprises concrete milestones for them to put technologies into use to spot and respond to intrusions in real time.

Recently, on May 12, U.S. President Joe Biden signed an executive order aimed at improving federal cybersecurity capabilities as well as digital security standards in the private sector. The decree has a considerable impact on the government’s ability to detect and respond to cyberattacks. That action represents a significant shift in the government’s mindset from reactive to proactive by setting robust but achievable goals. After three days, the company returned to normal operations early Saturday morning, Colonial Pipeline officials said.

The incident shows that cybersecurity is no longer a challenge for any one party alone, because it is a pressing global issue that concerns the interests of every nation and its people, while the nature of the flat world makes many things dependent on connectivity. Currently, an initiative for an international coalition on cybersecurity, proposed by British Foreign Secretary Dominic Raab, partly reflects the urgent need to build a safe cyberspace for all countries and people in the world. However, how to reconcile interests, differences in approaches and ways of cooperating in cyberspace, and disparities in capacity and qualifications between countries are questions that we still need to answer.

Returning to Colonial Pipeline, its current operations use state-of-the-art digital technologies, which indicates that the more advanced technology and digital devices are used, the more likely they are to be attacked through “third-party / vendor risks” or “people risk” in operating and controlling these devices. Therefore, when all the essential and vital infrastructure of a country, such as transport, health care, or energy, is connected to the internet, the safety of cyberspace is not guaranteed, which also means the country’s security is at stake. So the question is whether the idea of an international coalition on cybersecurity is still rational.