Colonial Pipeline Flowing Again Following Cyberattack

Colonial Pipeline has resumed operations after a ransomware hack brought down its services, prompting panic buying and a cybersecurity-focused executive order from President Joe Biden.

A handwritten sign is posted on a gas pump, showing that the service station is out of all grades of fuel Wednesday in Charlotte, N.C. (AP Photo/Chris Carlson)

WASHINGTON (CN) — Though it could take several days before services resume as normal, Colonial Pipeline reported on Wednesday that its operations are up and running following a cyberattack last week.

“Some markets served by Colonial Pipeline may experience or continue to experience intermittent service interruptions during the start-up period,” the fuel provider said in a statement early Wednesday evening.

The interruption to service was sparked by a ransomware attack that federal authorities and the FBI say stemmed from the criminal hacker group, DarkSide.

DarkSide bills itself as a “white hat” entity, claiming it targets revenue-rich corporations and donates a portion of the ransom it takes for stolen data to charities. The attack hit a 5,500-mile-long pipeline that carries gas and diesel throughout the East Coast and supplies nearly 50% of those refined fuels to the region, ending up in everything from cars and commercial trucks to jet planes and military bases.

The hack took considerable chunks of Colonial’s services offline in short order, prompting the company to hire private cybersecurity firm Mandiant to help restore its networks. Another company, FireEye, is reportedly assisting with data recovery, as the Washington Post first reported Wednesday.

During a briefing at the White House this week, Elizabeth Sherwood-Randall and Anne Neuberger, who serve as the Biden administration’s homeland security adviser and deputy adviser for cyber and emerging technologies respectively, said the federal government would stay out of Colonial’s way unless the company specifically asked for assistance.

The FBI generally recommends against paying hackers ransom, as it typically cascades into a waterfall of more and larger requests.

Widespread reports citing unnamed sources familiar with Colonial Pipeline’s plans suggest the fuel company does not intend to pay any ransom in exchange for restoration of data stolen from its systems.

Colonial did not return requests for comment.

The fallout from the hack began to gather more steam in the U.S. on Tuesday and Wednesday as panicked consumers hit the fuel pumps to stock up, fearing a looming fuel shortage. To keep supply flowing, the EPA and President Joe Biden swiftly issued a series of waivers on gas regulations, ultimately making it easier for more fuel to be hauled in faster but without meeting smog requirements in some areas. The EPA has said the waivers are only in effect until May 18.

Petroleum analysts at GasBuddy have warned of a slight increase in prices at the gas pump as panic buying has compounded the effects of the temporary shortage. In Washington, D.C., 10% of gas pumps were out of fuel, and in nearby Virginia, 44% of pumps were empty as of Wednesday night. Some of the worst outages, GasBuddy reported, were in North Carolina, where 65% of the fuel pumps were dry. More than 10,000 gas stations on the East Coast reported being out of fuel Wednesday.

“As we initiate our return to service, our primary focus remains safety. As part of this startup process, Colonial will conduct a comprehensive series of pipeline safety assessments in compliance with all Federal pipeline safety requirements,” the company said in a statement.

It is not entirely clear where DarkSide hackers operate from. Most cybersecurity experts point to Russia as the likely culprit, but according to the Washington Post, Mandiant was able to trace some stolen data to a server hosted in New York. This past weekend, that server was shut down.

Toughening up the nation’s cyber infrastructure, like most infrastructure work, is a momentous and costly task and anxieties about compromised systems are high. A survey published Wednesday by private cybersecurity firm Proofpoint reported that of 1,400 chief information security officers at companies around the U.S. and in 14 other nations, most feel unprepared to meet a hacker head on.

According to the report, 83% of the tech officers surveyed from around the world rated the risk of a breach to their system as “likely.” Some of the biggest fears they have revolve around business email being compromised and cloud accounts disrupted.

With much of the nation’s critical infrastructure controlled by private entities and the Colonial Pipeline breach getting under control, President Biden issued an executive order Wednesday night that is aimed at tamping down on “increasingly sophisticated malicious cyber campaigns” that pose a serious threat to the public sector.

“The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace,” the order states. “In the end, the trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is, and to the consequences we will incur if that trust is misplaced.”

In part, the order directs federal agencies like the Office of Management and Budget, the Department of Defense, Homeland Security and the Office of the Director of National Intelligence, among others, to review their contracts with private IT firms and determine whether data collection, service and reporting are secure. The White House has also ordered detailed reports on any cyber incidents those agencies may have experienced or prevented, as well as any investigations undertaken. Deadlines are set roughly 60 to 120 days out for most reporting requirements under the order.

Biden’s order also highlights the need to sort out “contractual barriers” present in many existing IT agreements where the FBI or Cybersecurity and Infrastructure Security Agency are unable to investigate thoroughly because of restrictions around data sharing.
