From David London, Managing Director at The Chertoff Group, writing for Homeland Security Today…
On Saturday, May 8, Colonial Pipeline confirmed that its information technology (IT) systems were compromised by a ransomware attack. As a precaution, Colonial temporarily halted operational technology (OT) functions across four of its mainlines that transport gasoline, diesel, and jet fuel, stretching from Texas to New Jersey. This is not the first cyber-attack on a gas pipeline, and the Colonial Pipeline has experienced previous interruptions for noncyber reasons. That said, this shutdown affects a pipeline that supplies approximately 45% of the gasoline and diesel fuel used on the U.S. East Coast.
Colonial’s CEO cautioned state officials on May 10 to be ready for possible fuel shortages, although the company also expected to resume full service by the coming weekend.
The U.S. Department of Transportation’s Federal Motor Carrier Safety Administration issued a temporary hours of service exemption to create more flexibility for truckers transporting gasoline, diesel, jet fuel and other refined petroleum products to the affected areas.
In addition, reports indicate that the attackers stole more than 100GB of data prior to encrypting Colonial’s network. This event is consistent with recent ransomware trends targeting and crippling critical infrastructure (CI) while also exfiltrating sensitive data (known as “double extortion”).
The Federal Bureau of Investigation has confirmed that DarkSide ransomware is responsible for the compromise of Colonial networks. In a public statement DarkSide claimed, “We are apolitical, we do not participate in geopolitics. Our goal is to make money and not creating problems for society.”
The Larger Picture
Ransomware attacks on industrial systems are increasing in frequency and severity. Over the past year, a rise has been observed in ransomware attacks on industrial systems such as energy infrastructure and manufacturing plants. These attacks have not necessarily infected operational networks, but victims, like Colonial, have been compelled to suspend operations as a precautionary measure. While the disruption to the U.S. gasoline fuel supply chain was apparent, some commentators have suggested that the impact of an attack on the natural gas supply chain could be far more severe. Natural gas, which will account for over a third of total U.S. electricity generation this year, is often delivered on a “just-in-time” basis to power plants.