By Aara Ramesh
The fallout of last week’s ransomware cyberattack on Colonial Pipeline continues. On Wednesday, May 12, the Biden–Harris administration announced that it was implementing an All-of-government plan to combat fuel shortages resulting from the attack, with the president also issuing an executive order detailing how the federal government plans to tackle the rising threat of cybercrime.
On May 10, DarkSide, an organized crime group that is thought to be based in Eastern Europe, possibly Russia, targeted the largest energy pipeline in the U.S., forcing it to shutdown its entire 5,500-mile network, which runs from the Gulf Coast, through Houston, all the way up to New York. As ransom, the group demanded almost $5 million in the cryptocurrency bitcoin, according to sources. The attack did not affect the pipeline itself but, as a precaution, Colonial had to power it and the information systems down, until it was able to ensure the safe flow of fuel.
The Colonial Pipeline supplies 14 states and Washington DC, accounting for just under half of all fuel consumed on the East Coast. Given the critical role it plays in energy distribution for one of the most populous regions of the country, it is unsurprising that its closure has resulted in acute fuel shortages in the southeast, leading to consumers panic-buying gas. In turn, gas prices have increased — on May 12, the average price of gasoline breached the $3 per gallon mark, the highest it’s been since late 2014.
In order to immediately address these consequences, President Biden has issued orders across all government offices to “help alleviate shortages where they are occurring.” As part of the comprehensive response, Biden has tasked an inter-agency response group with evaluating the situation and suggesting solutions in real time. The goal is to ensure the uninterrupted supply of fuel to communities on the East Coast. The White House has also been implementing steps to make it easier and quicker to transport fuel through alternate means, including ship, rail, and tankers. Some of the measures already taken include waivers on environmentally non-compliant fuel, and on labor regulations, to allow drivers transporting fuel to the affected areas to work in a more flexible manner. However, tankers have a limited carrying capacity, so there is only that much help they can provide.
Late in the evening on May 12, Colonial announced that it had restarted its operations, but took pains to caution that a full return to service would take several days. Meanwhile, the company’s employees are manually operating the fuel-pumping process, which is grueling and time consuming. Sources say that the company has not paid the ransom, and, in fact, may be able to restore its systems without doing so because of its fast response to the attack. Allegedly, the company and federal authorities have been able to recover its stolen information working off domestic servers and saved back-ups.
Some government sources have said that if the pipeline is not operational in the next 3–5 days, mass transit will be affected. In 10 days, air travel out of the southeast could be completely suspended. Though the government cannot order the privately owned company to do much, it has said that it is “prepared to issue orders to direct Colonial Pipeline to prioritize fuel” for those places that are suffering particularly severe shortages.
In the executive order he issued, Biden narrowed in on the rising threat of cybercrimes. Ransomware attacks have become the crime du jour for organizations based abroad, most of whom seem to be operating out of Russia and its allied countries, knowing full well that there is little the U.S. federal government can do to stop or prosecute them. Last year alone, over 2,200 local governments, police departments, educational institutions, hospitals, and thousands of businesses were attacked, leading to huge financial losses, “in the tens of billions.” Fearing a loss of reputation, most private companies do not even report hacks, nor do they have systems in place to protect and ward off these attacks — something that President Biden is no doubt aware of, going by the particulars of the executive order.
The president stressed the need for public–private cooperation to combat cyberattacks and called for the removal of barriers to sharing threat information. The order says the federal government is committed to taking “decisive steps to modernize its approach to cybersecurity,” while also respecting private and civil liberties. There are plans to establish a Cyber Safety Review Board under the purview of the Department of Homeland Security and the Attorney General. The hope is to build networks that are resilient in the face of attacks, as well as institute an infrastructure that is better able to identify potential vulnerabilities and threats well in advance.
The executive order also lays out a roadmap for securing critical energy supply chains, under the supervision of the FBI. If nothing else, the Colonial attack seems to have been an eyeopener to how dated and lacking the country’s cyber infrastructure is. Cybersecurity experts believe that DarkSide and its associates are not particularly sophisticated hackers. Indeed, one even said, “An eighth-grader could have hacked into that system.” At the very least, private and public entities now seem to be approaching this rising threat with the serious consideration it deserves.