For years, the cybersecurity industry has warned that state-sponsored hackers could shut down large swathes of US energy infrastructure in a geopolitically motivated act of cyberwar. But now apparently profit-focused cybercriminal hackers have inflicted a disruption that military and intelligence agency hackers have never dared to, shutting down a pipeline that carries nearly half the fuel consumed on the East Coast of the United States.
On Saturday, the Colonial Pipeline company, which operates a pipeline that carries gasoline, diesel fuel, and natural gas along a 5,500 mile path from Texas to New Jersey, released a statement confirming reports that ransomware hackers had hit its network. In response, Colonial Pipeline says it shut down parts of the pipeline’s operation in an attempt to contain the threat. The incident represents one of the largest disruptions of American critical infrastructure by hackers in history. It also provides yet another demonstration of how severe the global epidemic of ransomware has become.
“This is the largest impact on the energy system in the United States we’ve seen from a cyberattack, full stop,” says Rob Lee, CEO of the critical-infrastructure-focused security firm Dragos. Aside from the financial impact on Colonial Pipeline or the many providers and customers of the fuel it transports, Lee points out that around 40 percent of US electricity in 2020 was produced by burning natural gas, more than any other source. That means, he argues, that the threat of cyberattacks on a pipeline presents a significant threat to the civilian power grid. “You have a real ability to impact the electric system in a broad way by cutting the supply of natural gas. This is a big deal,” he adds. “I think Congress is going to have questions. A provider got hit with ransomware from a criminal act, this wasn’t even a state-sponsored attack, and it impacted the system in this way?”
Colonial Pipeline’s short public statement says that it has “launched an investigation into the nature and scope of this incident, which is ongoing.” Reuters reports that incident responders from security…