The ransomware attack that forced the closure of the largest U.S. fuel pipeline at the weekend showed how cybercriminals pose a far-reaching threat to the aging, vulnerable infrastructure that keeps the nation's energy moving.
Colonial Pipeline Co. closed its entire 5,500-mile conduit carrying
สล็อตวอเลท gasoline and other fuels from the Gulf Coast to the New York metro area Friday as it moved to contain an assault that involved ransomware, code that holds computer systems hostage.
So far, no evidence has emerged that the attackers penetrated the vital control systems that run the pipeline, according to people familiar with the matter. But the consequences of an infection spreading to that deeper layer are dire for any energy company.
Many machines that control pipelines, refineries and power plants are well past their prime, have few protections against sophisticated attacks and could be manipulated to muck with equipment or cause damage, cybersecurity experts say.
NYSE to Delist Chinese Telecom Carriers After Rejecting Appeals
Millions Are Unemployed. Why Can't Companies Find Workers?
Fox to Acquire Outkick Media, a Sports and Culture News Site
Last year, a ransomware attack moved from a natural-gas company's networks into the control systems at a compression facility, halting operations for two days, according to a Department of Homeland Security alert.
The company, which Homeland Security didn't name, didn't have a plan to respond to a cyberattack, the agency said.
The Colonial ransomware attack is a high-profile example of the online assaults that U.S. companies, schools, hospitals and other organizations now face regularly. It should also serve as a wake-up call for the energy industry's particular exposure, according to consultants and others who work with companies to shore up cybersecurity.
U.S. and industry officials have known for years about such problems surrounding the nation's energy infrastructure.
A cybersecurity unit of Homeland Security said in 2016 it had worked to identify and mitigate 186 vulnerabilities throughout the energy sector, the most of any critical-infrastructure industry that year. In 2018, federal officials warned that hackers working for Russia had infiltrated the control rooms of U.S. electric utilities.
The energy industry is a big target. The U.S. has roughly 2.5 million miles of pipelines. Across that vast network are hundreds of thousands of devices -- sensors that take myriad readings, valves that help control flow and pressure within a pipeline and leak detection systems -- and all are vulnerable to attack, security experts said.
Refineries have even more valves and sensors than big pipelines, and there are about 135 of those across the country. That doesn't include electric utilities and all the components of the sprawling power grid.
Colonial ferries 100 million gallons a day of gasoline, diesel and other refined petroleum products from the country's chief refining corridor along the Gulf Coast to Linden, N.J. It transports roughly 45% of the fuel consumed on the East Coast, according to the company's website.
Curtis Smith, a spokesman for Royal Dutch Shell PLC, one the owners of the Colonial Pipeline, said Sunday it is still too early to "be specific about potential impacts to product flow."
He said Shell is actively engaged with Colonial.
The trade group American Petroleum Institute said it was closely monitoring the pipeline situation and that cybersecurity is a top priority for the energy industry.
API members are engaged continuously with the Transportation Security Administration, Cybersecurity and Infrastructure Security Agency and the Energy Department to "mitigate risk and fully understand the evolving threat landscape," said Suzanne Lemieux, API's manager of operations security and emergency response policy.
The type of attack that occurred against Colonial Pipeline is becoming more frequent and is something that businesses need to be concerned with, Commerce Secretary Gina Raimondo said Sunday.
The attacks are "here to stay and we have to work in partnership with businesses to secure networks, to defend ourselves against these attacks," she said on CBS's Face the Nation. Specific to the Colonial attack, "it's an all-hands-on-deck effort right now."
In response to the Colonial Pipeline shutdown, the Transportation Department's Federal Motor Carrier Safety Administration said Sunday that it has issued a temporary hours of service exemption for trucks transporting gasoline and other refined products across 17 states, including Georgia, South Carolina, North Carolina and Tennessee.
The move would allow flexibility for truckers delivering fuel, White House press secretary Jen Psaki said in a tweet.
On Sunday, Colonial didn't provide a timeline for bringing the pipeline back into service but said that while its main lines remained offline, some smaller lateral lines between terminals and delivery points were once again operational.
Anmelden
Registrieren
FAQ
Suche
