Contributed by Edwin Doyle, Global Security Strategist.
May 10 – A fifth-generation cyber attack shut down the US fuel pipeline belonging to Colonial Pipeline Inc., which is responsible for pumping over 100 million gallons of gasoline 5,500 miles from Houston to New York Harbor.
Was the attack intended to cause a catastrophic oil spill or to lead to a ransomware demand? It’s unknown at this point, but a statement from Colonial read, “in response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems.”
Colonial's pipeline transports about 45% of all fuel consumed along the US East Coast, and critical systems like it are becoming more common targets than ever before. Why? Threat actors seek to extort money, nation-states may attempt to impose chaos on their enemies, and other groups hold still more sinister motives. Moreover, some nation-states that want to appear neutral and protect their reputation now engage terror organizations to do their dirty work for them, as we saw in March of this year, when Iran backed Hezbollah in using cyber warfare as a tool of coercion against mutual enemies.
The emergence of proxy wars in cyberspace should come as no surprise, since the skill set required to hack multi-million-dollar corporations such as Colonial isn't easy to acquire. Nefarious threat actors have formed alliances, some motivated by financial gain and others by a desire to cause disruption.
Colonial's response in "[taking] certain systems offline to contain the threat" is commendable, especially because it reflects how their superior architecture could minimize damage quickly. Disaster recovery plans are written in anticipation of when, not if, a company is attacked, and they specify how critical systems should execute a shutdown to prevent serious damage.
So far, Colonial's DRP has prevented catastrophe, but the attack has nevertheless caused significant disruption. Law enforcement and an independent cyber security forensics team are working with the US Cybersecurity and Infrastructure Security Agency to "take steps to understand and resolve this issue," while Colonial Pipeline's customers will have to manage the downstream effects of limited fuel across half of the US Eastern Seaboard.