Last week, cars could be seen lining up at gas stations throughout the Southeastern part of the nation after a cyber attack on the Colonial Pipeline, which is the country’s biggest fuel pipeline system, created serious problems. Colonial ships gas and jet fuel from Texas’s Gulf Coast to the East Coast across 5,500 miles; more than 50 million consumers are served by the pipeline.
The company was the victim of a cyber attack involving ransomware that saw their computer systems encrypted and a ransom demanded to regain access. The party responsible for the attack is an extortionist ring known as DarkSide, which has attacked several companies in countries around the world and is believed to be based in Eastern Europe.
Panic led to severe shortages as prices surged by as much as 20 cents per gallon in some areas in just a couple of days. Some drivers lined up at pumps to fill up gas cans, which only exacerbated the issue. The fiasco led to the U.S. government declaring a regional emergency.
In a statement, the U.S. Department of Transportation wrote: "This Declaration addresses the emergency conditions creating a need for immediate transportation of gasoline, diesel, jet fuel, and other refined petroleum products and provides necessary relief."
Although Colonial Pipeline is now up and running once again, it is expected to take a few more days before all gas stations are fully restocked.
CNBC reports that Colonial paid the hackers $5 million as a ransom payment. Security researchers who identified the bitcoin wallet used by DarkSide said they collected at least $90 million in bitcoin ransom payments during the last nine months from nearly four dozen victims, although they believe there may still be more they have not yet discovered.
"This attack is unusual for the U.S. But the bottom line is that attacks targeting operational technology -- the industrial control systems on the production line or plant floor -- are becoming more frequent,” World Economic Forum Center for Cybersecurity Cyber Strategy Lead Algirde Pipikaite said.
"Unless cybersecurity measures are embedded in a technology’s development phase, we are likely to see more frequent attacks on industrial systems like oil and gas pipelines or water treatment plants."
Although the U.S. does not rely on foreign oil as much as it did in the past and domestic oil and gas production has kept energy prices low at home as well as abroad, our pipelines and grids remain vulnerable to not only cyber attacks but also extreme weather.
For example, California heat waves and a deep freeze in Texas both caused rolling blackouts during the last year as the demand for power exceeded supply. These issues cost the states in question billions of dollars and left many people dead or homeless. Unfortunately, the Energy Department reports that power outages linked to weather have increased by two thirds in the last 20 years. There are not a lot of easy solutions to these issues, with experts saying that significant investments are needed to make operations more resilient to criminal attacks and weather problems.
It is scary to think that a critical oil pipeline can be taken down so quickly via remote attacks, but perhaps an even more frightening question is: What other aspects of our country’s infrastructure could be so easily compromised?
Sources for this article include: