This weekend, U.S. pipeline operator, Colonial Pipeline, shut down its entire network due to one of the largest cyber-attacks in American infrastructure history.
Colonial Pipeline is one of the largest pipeline operators in the U.S. and operates pipelines that transport gasoline, diesel fuel and natural gas along more than 5,000 miles from Texas to New Jersey, making up approximately 45% of all fuel consumed on the east coast. DarkSide, an Eastern European-based criminal organization is the primary suspect according to U.S. officials, but that has not yet been confirmed.
In an official statement published on their website, Colonial Pipeline stated:
On May 7, the Colonial Pipeline Company learned it was the victim of a cybersecurity attack. We have since determined that this incident involves ransomware. In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems. Upon learning of the issue, a leading, third-party cybersecurity firm was engaged, and they have launched an investigation into the nature and scope of this incident, which is ongoing. We have contacted law enforcement and other federal agencies.
The Biden Administration has been vocal about bolstering the nation’s cybersecurity efforts and is reportedly taking an all hands on deck approach to the situation. Eric Goldstein, Executive Assistant Director of the CISA Cybersecurity division, commented on the attack:
This underscores the threat that ransomware poses to organizations regardless of size or sector. We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats.
While there is no ETA for service restoration and no sign this disruption will have an immediate effect on the fuel markets, there is concern that a prolonged shutdown could eventually impact gas supplies and prices – especially with many parts of the country lifting COVID-19 restrictions and the existing discussion around potential fuel shortages this summer.
This attack joins the growing list of high profile ransomware attacks over the last year, and is part of a concerning trend of ransomware gangs targeting companies in the industrial sector due to their willingness to pay and in many cases not report the incident publicly. In fact, CISA released an official warning on ransomware threats last year specifically for pipeline operators following an attack on a natural gas compression facility that caused a two-day shutdown.
The Schneider Downs cybersecurity team has experience working with several clients in the oil and gas industry, with our red team working with multiple SCADA systems. We know first hand how dangerous controls like these can be in the wrong hands and while this case is simply financially motivated, there are many instances where hactivist groups and foreign bodies are simply looking to send a message through cyber-attacks.
Regardless of how the Colonial Pipeline situation is resolved, cybersecurity experts agree that attacks on critical infrastructure in the public and private sector will only continue to grow until organizations can build defenses to keep pace with the ransomware epidemic.
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].
In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.
