Over the weekend, the Georgia-based energy infrastructure company Colonial Pipeline announced that it shut down all pipeline operations after a cyberattack, causing gasoline futures to rise. In a press release, the company said, “On May 7, the Colonial Pipeline Company learned it was the victim of a cybersecurity attack. We have since determined that this incident involves ransomware.” In response to the attack, Colonial Pipeline had to take systems offline. As of late Sunday night, some of the smaller lines were back online, but not the main conduits. Colonial aims to have the system back up and running at full service by the end of this week.
Colonial Pipeline may not be well known, but it is one of the most important parts of America’s energy infrastructure. The company runs pipelines through 14 states, stretching from New Jersey to Texas. One hundred million gallons of fuel are transported through the system daily. Almost half of the fuel consumed on the East Coast passes through Colonial’s system. The attack brought much of this crucial activity to a halt.
In its brief statements on the matter, the FBI claimed that DarkSide ransomware was behind the attack. DarkSide is a cybercriminal organization that designs and sells ransomware. DarkSide’s press team said, “Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
This gesture at corporate responsibility is disingenuous, as DarkSide has threatened to release the private information of children from a hacked school system. The group, which researchers say is based in Eastern Europe (possibly Russia), also claims to be politically neutral: “We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives.”
This may or may not be true, but it is not uncommon for adversarial governments to mask their geopolitical cyberwarfare as criminal activity. Using either intelligence personnel or contracted criminals, governments have been known to engage in cyberattacks. The MSUpdater hacking group was revealed to be a unit of the Chinese People’s Liberation Army in 2014, and the Guccifer 2.0 2016 election hacking group was run by the GRU, Russian military intelligence.
Bringing crucial American infrastructure to a halt aligns with the interests of several governments that have contentious relations with the United States. As DarkSide is an Eastern European organization, Russia is particularly suspect in this attack. Russia has a long pattern of cyberattacks on critical sectors in Ukraine, Georgia, and Estonia. China has also engaged in such behavior against India. DarkSide could really be an independent criminal organization, but it is more likely that it is either tied to or controlled by a government like Russia’s.
The American energy grid is vulnerable, as this cyberattack and events in Texas in February showed. Our energy industry sorely lacks protections against both cyber-intrusions and natural forces. And the Biden administration is only making things worse with its push for a Green New Deal, attacking traditional energy sources and driving up prices. Gas prices, already up over 30 percent in 2021, will rise as a result of this hack. Without a serious hardening of our critical cyber-infrastructure, expect more of these disruptions in the future.
