
Cyber Experts Warn Pipeline Hack Could Be Just The Beginning


Varun Hukeri General Assignment & Analysis Reporter

The cybersecurity attack on the Colonial Pipeline in early May caused major disruptions across the eastern United States, but experts warn similar attacks could occur in the future as much of the nation’s energy infrastructure remains vulnerable.

Multiple states and Washington, D.C. experienced widespread gas shortages after hackers targeted the Colonial Pipeline, which transports more than 100 million gallons of gasoline daily. The shortages led several governors to declare states of emergency and motorists formed long lines at the few remaining stations with gas.

The FBI confirmed that hackers associated with the group DarkSide deployed ransomware against the pipeline company’s business systems. The pipeline network shut down out of concern the malware that infected its back-office functions could spread to the pipeline’s operating system or make it difficult to charge suppliers for fuel transported along the pipeline.

Fuel tanks are seen at Colonial Pipeline Baltimore Delivery in Baltimore, Maryland on May 10, 2021. The US government declared a regional emergency on May 9, 2021 as the largest fuel pipeline system in the United States remained largely shut down, two days after a major ransomware attack was detected. The Colonial Pipeline Company ships gasoline and jet fuel from the Gulf Coast of Texas to the populous East Coast through 5,500 miles (8,850 kilometers) of pipeline, serving 50 million consumers. The company said it was the victim of a cybersecurity attack involving ransomware, attacks that encrypt computer systems and seek to extract payments from operators. (Photo by Jim Watson/AFP via Getty Images)


Energy Secretary Jennifer Granholm announced May 12 that the Colonial Pipeline was planning to resume operations after initially shutting down the week before. It was later reported that the company paid a $5 million ransom “in untraceable cryptocurrency within hours after the attack.” (RELATED: Colonial Pipeline Hacker Group Will Reportedly Shut Down Its Operations)

Colonial Pipeline systems have since returned to normal, but the attack demonstrated an urgent need to address existing cybersecurity challenges facing the nation’s energy infrastructure, according to the Government Accountability Office (GAO).

A confidential report from the Energy and Homeland Security Departments found that the nation could only afford three to five more days with the pipeline shut down before experiencing major disruptions to mass transit, chemical factories and refinery operations, The New York Times (NYT) reported.

“This attack has exposed just how poor our resilience is,” Cyber Readiness Institute managing director Kiersten E. Todt told the NYT. “We are overthinking the threat, when we’re still not doing the bare basics to secure our critical infrastructure.”

Emory University information systems professor Ramnath Chellappa told NPR-WABE that a major concern about the pipeline hack is that copycat online hackers could use similar tools in future attacks. He noted that many of the techniques hackers use are shared on the dark web and in online forums.

“A lot of these high-profile hackers can actually put out the software, the techniques and the mechanisms that they used, in some of these hacking forums and groups,” Chellappa said. “There could be others who may not be necessarily as sophisticated as the original ones, but they may also be able to implement those techniques.”

The reported ransom payment has also faced scrutiny from some cybersecurity experts, who told USA Today that paying ransoms may incentivize hackers to launch even more malware attacks on critical targets. Former cybersecurity official Christopher Krebs testified two days before the attack that hackers “have been allowed to run amok” because their crimes are so lucrative.

“The time has absolutely come for governments to consider prohibiting ransom payments,” suggested Emsisoft threat analyst Brett Callow. “If the payments stop, the attacks will stop.”

“I personally believe that part of the reason there is a thriving market and ecosystem for ransomware is that people are paying,” agreed former Obama administration cybersecurity coordinator Michael Daniel. “Now, it’s a national security and safety threat. And the Colonial Pipeline example makes that abundantly clear.” (RELATED: Biden Says They Don’t Believe Russian Government Was Involved In Colonial Pipeline Hack)

Image showing the Colonial Pipeline Houston Station facility in Pasadena, Texas (east of Houston) taken on May 10, 2021. (Editor's note: Colonial Pipeline facilities are the pale blue pipes in the center of the image; other installations belong to different companies.) US President Joe Biden said that a Russia-based group was behind the ransomware attack that forced the shutdown of the largest oil pipeline in the eastern United States. The FBI identified the group behind the hack of Colonial Pipeline as DarkSide, a shadowy operation that surfaced last year and attempts to lock up corporate computer systems and force companies to pay to unfreeze them. (Photo by Francois Picard/AFP via Getty Images)


The U.S. government has warned about threats and attacks on energy infrastructure for years. A Congressional Research Office report in 2017 stated that power grids and pipelines are especially vulnerable, and “cyber threats to the computer systems that operate this critical infrastructure are an increasing concern.”

One suggestion experts said could protect energy infrastructure from future attacks is for the U.S. government to consider imposing minimum cybersecurity standards on those companies; such standards are currently in place only for the nuclear energy industry, according to USA Today.

Companies are not required to adhere to any particular standards for protecting against intrusions, nor are they required to maintain secure backups of their data and systems. Federal agencies instead offer guidelines and recommendations urging industries to voluntarily take such precautions against cyberattacks.

GAO has made more than 3,300 recommendations since 2010 aimed at addressing cybersecurity shortcomings in the public and private sectors, but around 750 of those had not been implemented as of December 2020.

But the Colonial Pipeline attack has drawn significant attention from the federal government, and spurred President Joe Biden to sign an executive order last Wednesday aiming to protect the nation against “increasingly sophisticated” cyberattacks.