The operator of Colonial Pipeline fell victim to the attack on May 7, the company said in a statement. A Russian hacker group known as Darkside claimed responsibility.
The pipeline carries almost half of the fuel used on the East Coast, and a security expert told NPR that the attack shows “core elements of our national infrastructure” are still susceptible to hacking. But the incident has also brought renewed urgency to recommendations on how to lessen this vulnerability.
As Politico reports, the hack could be a “golden opportunity” for information security experts who want to see the Biden administration do a better job of pulling up the digital drawbridge. And the breach could have been much worse if it had affected a natural gas pipeline, which is crucial for electricity and is delivered on a “just-in-time” basis rather than stored in tanks.
Already, as The New York Times reports, U.S. officials are questioning whether Biden’s planned executive order on cybersecurity goes far enough. The order would set new standards, such as requiring a zero-trust approach, for government agencies and the contractors that serve them.
Drawn up as a response to the massive SolarWinds hack, the order wouldn’t necessarily have prevented the Colonial breach. Perhaps more helpfully in cases like this one, the order would also set up real-time information sharing between the National Security Agency and private companies.
Security pros told CSO that the Colonial attack shows organizations need greater visibility into their operational technology systems so they can better see how wide the impact of a breach is before a potential shutdown. Clear segmentation between operational technology and information technology systems should also help, experts said.
Shares in FireEye climbed during the first full trading day after the breach. The cybersecurity firm said its Mandiant division was helping investigate the attack.
Of course, Colonial isn’t the only U.S. energy asset to be hit by hackers. As Bloomberg details, the U.S. Department of Homeland Security warned last year of a ransomware attack that disrupted an unnamed natural gas compressor facility. In 2018, five U.S. natural gas pipeline operators, including Energy Transfer Partners LP and TransCanada Corp., confirmed disruptions due to a cyberattack on a third-party vendor.