Held to Ransom: Colonial Pipeline and the Vulnerabilities of Critical Infrastructure

Source: https://radiofree.asia/2021/05/11/held-to-ransom-colonial-pipeline-and-the-vulnerabilities-of-critical-infrastructure-2/

It should be making officials in the White House tremble. Critical infrastructure supplying 45% of the East Coast’s diesel, gasoline and jet fuel was left at the mercy of a ransomware operation executed on May 6. In the process, 100 GB of Colonial Pipeline’s data was seized and encrypted on computers and servers. The next day, those behind the operation demanded a ransom, or the material would be leaked.

The consequences are telling. The operator was taken offline to enable an investigation to be conducted by the US cybersecurity firm Mandiant; fuel was left stranded at refineries in Texas; prices spiked at the pump, up six cents per gallon on the week to $2.967 per gallon of unleaded gasoline. “Unless they sort it out by Tuesday,” warned oil market analyst Gaurav Sharma, “they’re in big trouble.” The impact would be felt first in Atlanta, then Tennessee, perpetuating a domino effect to New York. “This is the largest impact on the energy system in the United States we’ve seen from a cyberattack, full stop,” opined Rob Lee of the cybersecurity firm Dragos.

The company, in unconvincing tones, issued a statement that it was “continuing to work with third-party cybersecurity experts, law enforcement, and other federal agencies to restore pipeline operations quickly and safely.” President Joe Biden rushed to calm fears that this had compromised fuel security: “The agencies across the government have acted quickly to mitigate any impact on our fuel supply.” The deputy national security advisor for cyber and emerging technologies, Anne Neuberger, waffled to the press that the Biden administration was “taking a multi-pronged and whole-of-government response to this incident and to ransomware overall.”

On May 9, the Federal Motor Carrier Safety Administration within the Department of Transportation issued a temporary hours of service exemption for motor carriers and drivers “transporting gasoline, diesel, jet fuel and other refined petroleum products” across affected States.

Finding the culprit in such operations is almost boringly predictable. The Kremlin tends to get top billing on the list of accused, but on this occasion interest centred on DarkSide rather than President Vladimir Putin. “I’m gonna be meeting with President Putin,” promised Biden, “and so far there is no evidence, based on our intelligence people, that Russia is involved.” That did not mean that Russian officials were to be spared scrutiny. There was “evidence that the actors’ ransomware is in Russia – they have some responsibility to deal with this.” DarkSide, in other words, is being singled out as a bold and enterprising Russian cybercrime outfit, going where even intelligence operatives fear to tread. Out in that jungle of compromised cybersecurity, money is to be made.

DarkSide is cybercrime with a professional face, pirates and buccaneers of the internet with some understanding of public relations. They court the press when they need to. They even operate with a code of conduct in mind. And they are experienced. “Our goal is to make money and not creating problems for society,” lamented the group after the operation. “We do not participate in geopolitics, do not see need to tie us with a defined government and look for… our motives.” The firm claimed ignorance that one of its affiliates had taken it upon themselves to target Colonial. “From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

This event has revealingly exposed the state of poorly protected critical infrastructure run by private companies. “When those companies are attacked,” remarked deputy national security advisor Elizabeth Sherwood-Randall, “they serve as the first line of defence, and we depend on the effectiveness of their defences.”

As security analyst Richard Stiennon described it, the decision to shut down the pipeline showed that Colonial understood the risks. “On the other hand, it shows that Colonial does not have 100% confidence in their operational systems’ cybersecurity defenses.” Colonial was doing its best to sound competent, stating that it “proactively took certain systems offline to contain the threat.”

A less generous reading is that the company never genuinely appreciated those risks, whether by maintaining adequate backup systems or by forking out funds for software with fewer vulnerabilities. The company had effectively issued an open invitation to be targeted, despite warnings made in early 2020 by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency that a ransomware attack on a US-based natural gas compression facility had taken place.

The provider has done little in terms of clearing the air on how it will deal with the ransom threat. “Colonial is a private company and we’ll defer information regarding their decision on paying a ransom to them,” stated the less than helpful Neuberger. Neuberger also spoke of the “troubling trend … of targeting companies who have insurance and may be richer targets”. More had to be done to “determine what we do in addition to actively disrupting infrastructure and holding perpetrators accountable, to ensure we are not encouraging the rise of ransomware.”

The Biden administration is currently drafting an executive order that will create new digital safety regulations applicable to federal agencies and contractors who develop software for the government. Those developing the software would have to be compliant with adequate security safeguards. A layer of investigative bureaucracy is also contemplated: a cybersecurity incident review board.

At the very least, optimists in the field will see some value in having glaring faults in security systems exposed, even if it pertains to critical infrastructure. Cyber extortionists can be turned into constructive citizens, identifying vulnerabilities – for a price. A better option for corporate management and the boardroom would be to listen to the IT crowd.

This article was posted on Tuesday, May 11th, 2021 at 7:18am and is filed under Cyber attacks, Cybersecurity, Oil, Gas, Coal, Pipelines.

This post was originally published on Radio Free.
