Pipeline attack in US underscores weakness of cyber defence

The attack on Colonial Pipeline underscored the vulnerability of critical infrastructure to cyber attacks from state and non-state actors. PHOTO: AFP

WASHINGTON - Petrol prices have edged higher in parts of the US east coast, with sporadic reports of some stations running out or reporting low supplies, following a cyber extortion attack which forced the crucial Colonial Pipeline to pre-emptively shut down last Friday (May 7).

The White House, which has declared a state of emergency on the eastern seaboard, late on Monday said it was monitoring supply shortages, and that President Joe Biden had directed federal agencies to bring resources to bear on the problem.

The Georgia-based company transports petrol and other fuel through 10 states between Texas and New Jersey, carrying roughly 45 per cent of all fuel consumed on the East Coast.

In a statement, Colonial Pipeline said the situation "remains fluid and continues to evolve" but it was "executing a plan that involves an incremental process… (with the) goal of substantially restoring operational service by the end of the week".

The incident has been a major wake-up call, underscoring the vulnerability of critical infrastructure to cyber attacks from state and non-state actors.

"The fact that a bunch of geeks armed with laptops shut down a pipeline that serves 45 per cent of America's oil refineries shows that US critical infrastructure is a lot more vulnerable to cyber extortion than we'd like to think," the geopolitical risk consultancy Eurasia Group said in an e-mail.

"And the Biden administration's US$2 trillion (S$2.65 trillion) plan to upgrade US infrastructure across the board turns cyber security into an even more urgent concern," it added.

On Monday, the FBI confirmed that the attack was carried out by a cybercrime gang calling itself DarkSide, apparently based in eastern Europe and Russia.

"DarkSide ransomware is responsible for the compromise of the Colonial Pipeline network," the FBI said in a statement. "We continue to work with the company and our government partners on the investigation."

On Monday, the gang released a statement saying the group is apolitical and only wants to make money.

There is no indication as to whether Colonial Pipeline has met or intends to meet the ransom demand.

"Typically, that is a private sector decision, and the administration has not offered further advice at this time," deputy national security adviser for cyber and emerging technologies Anne Neuberger told White House reporters.

"Given the rise in ransomware, that is one area we are definitely looking at now to say what should be the government's approach."

President Biden on Monday called the ransomware attack a "criminal act". He added that while there is no evidence that Russia was behind it, if the hackers are based in Russia, then Moscow has "some responsibility".

Separately, Arizona Democrat Ruben Gallego, a member of the House Armed Services Committee, said: "The Russian government cannot give refuge to these cyber terrorists without repercussions."

"We need to invest to safeguard our critical infrastructure," Mr Biden said. Energy Secretary Jennifer Granholm said the attack "tells you how utterly vulnerable we are" to cyber attacks on infrastructure.

The attack came as the administration, including the Energy Department, works on boosting cyber security for critical infrastructure. The Justice Department has formed a ransomware task force.

"This is a serious example of what we're seeing across the board in many places and it tells you that we need to invest in our systems, our transmission grid for electricity. We need to invest in cyber defence in these energy systems," Ms Granholm said on Bloomberg TV.

The World Economic Forum, in a commentary on Monday, said the attack on Colonial Pipeline "could become one of the most expensive attacks to an economy".

It said its own surveys showed that 80 per cent of senior cyber security leaders see ransomware as "a dangerous growing threat that is threatening our public safety".

Yet, at this point, the US government cannot do much more to stop the hackers, or hold them responsible for a brazen attack that would otherwise be considered an act of war against America, the Eurasia Group said.

"It can't even prevent the corporation from paying the cryptocurrency ransom," the group noted.
