A cyberattack that shut the largest US gasoline pipeline and jeopardized supplies from refineries in the Gulf Coast of Texas has once again highlighted vulnerabilities in America’s critical energy infrastructure.
The Colonial Pipeline Company ships gasoline and jet fuel from the Gulf Coast to about 50 million consumers in the populous East Coast, including Washington DC, Baltimore, and New York, through 5,500 miles (8,850 kilometers) of pipeline.
The top pipeline operator said Saturday that the incident involved ransomware.
The attack comes amid rising concerns over cybersecurity holes in America's energy infrastructure following recent incidents, and after the federal government launched an effort last month to boost cybersecurity in the nation's power grid.
“This attack is unusual for the US. But the bottom line is that attacks targeting operational technology - the industrial control systems on the production line or plant floor - are becoming more frequent,” said Algirde Pipikaite, a cybersecurity expert with the World Economic Forum's center for cybersecurity.
“Cybersecurity vulnerabilities have become a systemic issue. It needs strategic oversight to ensure that operations have preventative controls and an appropriate responses plan if and when attackers breach a system,” he was quoted by Reuters on Saturday.
Mike Chapple, cybersecurity and analytics expert who teaches at the University of Notre Dame, said on Twitter that the latest cyberattack reveals vulnerabilities in the core elements of America’s energy industry and called on Congress and the White House to show leadership in this regard.
“This pipeline shutdown sends the message that core elements of our national infrastructure continue to be vulnerable to cyberattack. Securing our energy infrastructure is a national security issue that involves several different federal agencies and requires centralized leadership,” he wrote.
This shutdown sends the message that core elements of our national infrastructure continue to be vulnerable to cyberattack. Securing our energy infrastructure is a national security issue that involves several different federal agencies and requires centralized leadership. (3/4)
— Mike Chapple (@mchapple) May 8, 2021
“Last year, Congress authorized the creation of a national cybersecurity director within the White House, but this position remains unfilled by the Biden administration. In the wake of attacks like Colonial Pipeline and Solar Winds, it is clear that filling the role needs to be a higher priority.”
Colonial said it contacted a third-party cybersecurity firm to look into the “nature and scope of this incident” and also sought assistance from federal law enforcement agencies.
The shutdown is already fueling concerns about a hike in gasoline and diesel prices ahead of the peak summer driving season if the outage does not end soon.