Is there a US gas shortage? Three questions about pipeline hack.

Woody Marshall/News & Record/AP
In this aerial image, vehicles line up for gasoline at Costco in Greensboro, North Carolina, May 11, 2021. The Colonial Pipeline, which delivers about 45% of the East Coast’s fuel, was hit by a cyberattack on Friday. Efforts are underway to stave off potential fuel shortages as the shutdown continued a fifth day.

Cyberattacks may seem an abstract threat to many Americans. But the ransomware strike that knocked offline a key gasoline pipeline last week has created concrete problems for drivers in the Southeast as fuel prices creep up and lines form at service stations in affected areas.

The pipeline came back online Wednesday evening, Energy Secretary Jennifer Granholm announced, although it is expected to take several days to become fully operational. But the shutdown of the Colonial Pipeline system underscores the continued vulnerability of important sections of the country’s infrastructure to foreign hackers seeking chaos or cash, or both. Many potential targets of cyber extortion haven’t invested enough in computer security in recent years, say some experts. Meanwhile, the explosion of remote work during a pandemic has created more holes where bad actors can break into systems.

“With this pipeline incident, it will hit Americans in the pocketbook at the pump,” says Tony Turner, vice president of security solutions at Fortress Information Security, a Florida-based company that specializes in the security of critical infrastructure. “Colonial was negligent in their responsibilities to properly secure their environment, and all of us are paying for it.”

Why We Wrote This

Understanding cyberthreats can make it easier to respond instead of react. We start with answers to three key questions about the Colonial Pipeline hack.

What happened?

Last Friday, Colonial Pipeline shut down its 5,500-mile-long East Coast gasoline pipeline due to a cyberattack. The pipeline, which runs from Houston to the New York City area, provides the eastern section of the United States with almost half of its transportation fuel.

The firm acknowledged on Saturday that its corporate computers had been hit by a ransomware attack, in which a criminal organization encrypts a target’s computer data, essentially holding it hostage until the target pays a ransom. The pipeline was shut down apparently as a precaution to block the malware affecting the corporate data from traveling into its pipeline control system, with potentially far-reaching results.

On Monday, the FBI said that a relatively new hacking group based in Eastern Europe or Russia called DarkSide was behind the attack. In brief comments on the subject, President Joe Biden said that the Russian government did not appear to be behind the attack. However, he criticized Russian authorities for tolerating criminal hacker groups that target non-Russian corporations and governments.

“They have some responsibility to deal with this,” said President Biden.

A group purporting to be DarkSide posted its own statement on the clandestine dark web following the U.S. revelations. It sounded a bit surprised, as if it was not aware of the implications of taking down such an important target.

Martin Brossman/Reuters
An "out of gas" sticker is seen on a gas pump at a gas station in Waynesville, North Carolina, after a gasoline supply crunch caused by the Colonial Pipeline hack, May 11, 2021.

“Our goal is to make money, and not creating problems for society,” the statement said in part.

Is there a gas shortage?

The Colonial Pipeline attack could have been worse. Pipeline controls appear largely unaffected. Gasoline and jet fuel are very important products, but perhaps not as important as natural gas for furnaces piped into the Northeast in the winter.

“Overall, natural gas provides 40% of American electrical power production, so this is a significant incident, but not near as critical as an incident could [have been] involving pipelines,” says Mark Montgomery, senior adviser to the chairmen of the Cyberspace Solarium Commission, a congressionally mandated group created to devise a strategy for the nation in cyberspace.

That said, the interruption of gas, diesel, and jet fuel supplies comes at a time of year when travel generally begins to increase – and at a time when the pandemic appears to be abating, potentially releasing a huge pent-up national demand for mobility.

Gas prices were already rising – up 6 cents per gallon over the past week, AAA said on Monday – and the ransomware attack may have been pushing them higher still, particularly in the Southeast and mid-Atlantic. Mississippi, Tennessee, and the East Coast from Georgia to Delaware are likely to experience limited fuel availability and extra price hikes, according to AAA.

Panicked buying in areas affected by the pipeline shutdown made things worse, as hoarding drained gas stations dry of reserves. As of Wednesday afternoon, 65% of all gas stations in North Carolina, and 42% in Georgia, Virginia, and South Carolina, were without gasoline, according to GasBuddy, an app that tracks fuel availability and price.

The situation was even worse in metro areas, with some 75% of stations in Raleigh and Charlotte, North Carolina, out of fuel.

Seen in a national context, there is not a shortage of gasoline per se, said AAA spokeswoman Jeanette McGee. There is a transportation problem, with a short-term inability to deliver gas to everywhere it’s needed.

“There is ample supply to fuel the United States for the summer, but what we’re having an issue with is getting it to those gas stations because the pipeline is down,” said Ms. McGee. 

Are ransomware attacks increasing?

Ransomware isn’t new. Its first documented use was in 1989 with the PC Cyborg virus, which was transmitted from computer to computer on infected floppy disks, according to a 2017 study of ransomware published by the director of national intelligence.

But U.S. officials believe that it is a particularly malicious type of attack that is liable to make up a larger and larger percentage of the cybercrime directed at vulnerable companies, hospitals, police forces, and other institutions.

Globally, some 1,300 companies experienced ransomware attacks in 2020, according to a study from Emsisoft, an antivirus software firm. In the U.S., 2,354 schools, hospitals, and government entities were similarly targeted.

Earlier this week, for instance, a hacker group named Babuk that had infiltrated the D.C. Police Department’s computers began releasing personnel files of individual officers, and said that it would publish information on sensitive investigations and informants unless the district government paid it a ransom. Such a slow increase in pressure is a common feature of a ransomware attack.

Critical infrastructure such as pipelines, electrical grids, and water treatment plants may be particularly vulnerable to ransomware. 

For them the stakes involved in an attack may be high. Imagine hackers gaining control of a water plant and remotely increasing the percentage of chlorine added to the water – an attack successfully simulated by Georgia Institute of Technology researchers, according to the DNI ransomware report. And many infrastructure computer systems are patchworks created over years, by institutions that did not sufficiently invest in cyber defense.

“Broadly, we have found in a lot of infrastructure that didn’t feel the pressure of criminal behavior 10 or 15 years ago, they did not make that investment. And that’s why we’re vulnerable today,” says Mr. Montgomery of the Cyberspace Solarium Commission.

The Justice Department has formed a task force to try to stop the growing ransomware trend. The point is to develop a strategy to attack the entire ecosystem that allows ransomware groups to thrive. That means identifying links between national governments and ransomware groups, prosecuting those responsible, and curbing services that support the crime, such as online forums where ransomware providers advertise their services.

President Biden also issued an executive order Wednesday, planned since early in his administration, to implement new digital safety standards in the federal government. The order also aims to remove barriers to information-sharing between government and the private sector, improve the security of software supply chains, and standardize the response to cyber incidents.

“While we expect companies to secure their infrastructure, these continued breaches only reinforce the need for a cohesive and cooperative partnership between the government and private companies that operate our nation’s critical infrastructure,” said Sen. Mark Warner, Democrat of Virginia and co-chair of the bipartisan Senate Cybersecurity Caucus, in an email to the Monitor.

“There’s been various discussions on the Hill regarding mandatory breach notification,” said a senior administration official in a press call discussing the executive order. “It’s hard to learn from each incident and ensure that broadly government and companies have information to protect themselves. So we’ve pushed the authority as far as we could and said anybody doing business with the U.S. government will have to share incidents so that we can use that information to protect Americans more broadly.”
