Colonial Pipeline Ransomware Attack Highlights Alarming Security Vulnerabilities In Critical Infrastructure
One of the top U.S. fuel pipeline operators had to shutter its network this weekend due to a nasty ransomware attack. This effectively shut down the supply of approximately half of the East Coast’s fuel for both air and ground transportation. Though home heating oil prices are not expected to increase as a result, the disruption raises concerns about how vulnerable U.S. critical infrastructure is.
Colonial Pipeline is one of the largest pipeline operators in the United States, with over 5,500 miles of pipe delivering 100 million gallons of fuel across 14 different states and directly serving seven airports. The network, which you can see below, spans from New Jersey down into Texas and could be considered a proverbial “jugular of infrastructure in the United States,” according to Amy Myers Jaffe, research professor and managing director of the Climate Policy Lab, who spoke to Reuters.
Yesterday, Colonial posted a press release stating that it learned it was the victim of a cybersecurity attack with ransomware involved. As such, systems were proactively taken offline to contain the threat, but this temporarily halted all pipeline operations. Subsequently, “a leading, third-party cybersecurity firm was engaged, and they have launched an investigation into the nature and scope of this incident, which is ongoing.” The goal now is to restore service to affected customers and attempt to minimize the impact across the eastern seaboard.
Following that press release, President Joe Biden was reportedly briefed on the situation, and government agencies have been activated to help respond. The Cybersecurity and Infrastructure Security Agency (CISA) tweeted (above) that while they are investigating the situation, “This underscores the threat that ransomware poses to organizations regardless of size or sector.” As such, CISA is encouraging every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats.
As we have seen with Colonial, essentially any company or organization serving critical infrastructure in the U.S. is at risk, as there will always be bad actors who wish to disrupt and damage the United States in some way. It's obviously critical to get serious about infrastructure network security, so that collateral damage from attacks like this is kept to a minimum and such incidents are few and far between.