U.S. Gasoline Pipeline learned it was the victim of a cybersecurity attack on May 7 and has since determined that the incident involved ransomware, code that holds computer systems hostage. In response, the pipeline company proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of their IT systems, which they are actively in the process of restoring.
According to another article, the US government has declared a state of emergency after the ransomware attack. The emergency status enables fuel to be transported by road. Experts say fuel prices are likely to rise 2-3% on May 10, but the impact will be far worse if it goes on for much longer.
Multiple sources have confirmed that the ransomware attack was caused by a cyber-criminal gang, who infiltrated Colonial’s network on Thursday and took almost 100GB of data hostage. After seizing the data, the hackers locked the data on some computers and servers, demanding a ransom.
The co-founder of a London-based cyber-security firm says that the pipeline company’s cyberattack has come about due to the coronavirus pandemic. This is because of the rise of engineers remotely accessing control systems for the pipeline from home. He believes that the cybercriminal gang bought account login details relating to remote desktop. Third-party cybersecurity experts were also immediately engaged after the issue was discovered and launched an investigation into the nature and scope of this incident.
The pipeline company remained in contact with law enforcement and other federal agencies, including the Department of Energy, which is leading the Federal Government response. The company’s highest priority is to maintain the operational security of its pipeline. Its personnel have taken additional precautionary measures to help further monitor and protect the safety and security of its pipeline.
The pipeline company’s operations team is developing a system restart plan. While their mainlines remain offline, some smaller lateral lines between terminals and delivery points are now operational. They are in the process of restoring service to other laterals and will bring their full system back online only when they believe it is safe to do so and in full compliance with the approval of all federal regulations.
This incident highlights the increasing risk ransomware is posing to critical national industrial infrastructure, not just businesses. It also marks the rise of an insidious criminal IT ecosystem worth tens of millions of pounds. It is unlike anything the cyber-security industry has ever seen before.
According to an article, cybersecurity experts say that the consequences of an infection spreading to the pipeline’s deeper layer are dire for any energy company. Many machines that control pipelines, refineries and power plants are well past their prime. The machines have few protections against sophisticated attacks and could be manipulated to muck with equipment or cause damage.
Security experts say that the energy industry is a big target. The U.S. has roughly 2.5 million miles of pipelines. Across that vast network are hundreds of thousands of devices: sensors that take myriad readings, valves that help control flow and pressure within a pipeline, and leak detection systems. They are vulnerable to attack.
The U.S. Commerce Secretary says that the type of attack that occurred against the pipeline company is becoming more frequent and is something that businesses need to be concerned with. She adds that the attacks are here to stay and they have to work in partnership with businesses to secure networks, to defend themselves against these attacks.