WASHINGTON – (AP) – The operator of a large pipeline system that carries fuel across the East Coast said it was the victim of a ransomware attack and suspended all pipeline operations to address the threat. The attack is unlikely to affect gasoline supplies and prices unless it leads to an extended shutdown of the pipeline, experts say.
Colonial Pipeline did not say what was demanded or who made the demand. Ransomware attacks are usually carried out by criminal hackers who seize data and demand a large payment to release it.
The attack on the company, which claims to supply around 45% of the fuel consumed on the East Coast, once again underscores the vulnerability of critical infrastructure to harmful cyberattacks that threaten to disrupt operations. It presents a new challenge for a government still grappling with its response to major hacks from months ago, including a massive breach of government agencies and corporations for which the US sanctioned Russia last month.
In this case, Colonial Pipeline said that Friday’s ransomware attack affected some of its information technology systems and that the company was “proactive” in taking certain systems offline and shutting down the pipeline. A previous statement said that “steps would be taken to understand and resolve this problem” in order to return to normal operation.
Based in Alpharetta, Georgia, the company transports gasoline, diesel, jet fuel and heating oil from refineries on the Gulf Coast via pipelines from Texas to New Jersey. The pipeline system extends for more than 5,500 miles and carries more than 100 million gallons per day.
The company said it hired a cybersecurity firm to investigate the nature and scope of the attack and has also reached out to law enforcement and federal agencies.
The White House said President Joe Biden had been briefed Saturday morning and the federal government was working with the company to assess the impact of the attack, restore operations and prevent disruptions to supplies. The government is planning various scenarios and is working with state and local authorities on measures to alleviate potential supply problems.
Oil analyst Andy Lipow said the impact of the attack on fuel supplies and prices will depend on how long the pipeline is down. The impact of a day or two of downtime would be minimal, he said, but five or six days of downtime could create bottlenecks and price increases, especially in an area that stretches from central Alabama to the Washington, DC area.
Lipow said a major concern about an extended delay is the supply of jet fuel necessary to operate large airports like those in Atlanta and Charlotte, North Carolina.
Robert Lee, CEO of Dragos, a leading expert on industrial control systems, said systems like those that directly control the operation of the pipeline have increasingly been connected to computer networks over the past decade.
However, critical infrastructure companies in the energy and electricity industries have also tended to invest more in cybersecurity than other sectors. If the Colonial shutdown was largely precautionary – and the company detected the ransomware attack early and was well prepared – the impact might not be great, Lee said.
While there have long been fears that US adversaries could disrupt American utilities, ransomware attacks by criminal syndicates are far more common and have increased dramatically in recent times. The Justice Department has a new task force dedicated to fighting ransomware attacks.
The attack “underscores the threat ransomware poses to businesses regardless of size or industry,” said Eric Goldstein, assistant director of cybersecurity at the federal Cybersecurity and Infrastructure Security Agency.
“We encourage every organization to take steps to improve their cybersecurity and reduce their exposure to these types of threats,” Goldstein said in a statement.
Ransomware encrypts the data of a victim organization. The criminals leave ransom payment negotiation instructions on infected computers and provide software decryption keys after payment.
The attacks, mostly by criminal syndicates operating from Russia and other safe havens, reached epidemic proportions last year, costing hospitals, private medical research companies, state and local governments and schools tens of billions of dollars. Biden administration officials are warning of a national security threat, especially after criminals began stealing data before encrypting victims’ networks and threatening to post it online unless a ransom is paid.
The average ransom paid in the U.S. nearly tripled in the past year to more than $310,000. The average downtime for victims of ransomware attacks is 21 days, according to Coveware, which helps victims respond.
US law enforcement officials say some of these criminals have partnered with Russian security services and that the Kremlin is benefiting by damaging adversaries’ economies. These operations may also provide cover for information gathering.
“Ransomware is the most common disruptive event companies are currently experiencing that would result in their being shut down to prevent the spread,” said Dave White, president of cybersecurity firm Axio.
Mike Chapple, a teaching professor of IT, analytics and operations at the Mendoza College of Business at Notre Dame University and a former computer scientist with the National Security Agency, said systems that control pipelines should not be connected to the internet and vulnerable to cyber intrusion.
“The attacks were extremely sophisticated and could break down some pretty sophisticated security checkpoints or the right level of security checkpoints did not exist,” said Chapple.
Brian Bethune, a professor of applied economics at Boston College, also said the impact on consumer prices should be short-lived as long as the shutdown doesn’t last more than a week or two. “But it’s an indication of how vulnerable our infrastructure is to these types of cyberattacks,” he said.
Bethune noted that the shutdown comes at a time when energy prices have already risen as the economy reopens and pandemic restrictions are lifted. According to the AAA Auto Club, the national average for a gallon of regular gasoline has increased 4 cents since Monday to $2.94.
Anne Neuberger, the Biden administration’s assistant national security advisor on cybersecurity and emerging technologies, said in an interview with The Associated Press in April that the government is making renewed efforts to help electricity utilities, water districts and other critical industries protect themselves from potentially harmful cyberattacks. She said the goal is to ensure that control systems serving 50,000 or more Americans have the core technology to detect and block malicious cyber activity.
Since then, the White House has announced a 100-day initiative aimed at protecting the country’s electricity system from cyberattacks by encouraging power plant and utility owners and operators to improve their skills in identifying cyber threats to their grids. It contains concrete milestones for deploying technologies so that they can detect intrusions in real time and respond to them.
___
Suderman reported from Richmond, Virginia. Associated Press writers Frank Bajak in Boston and Martin Crutsinger and Michael Balsamo in Washington contributed to this report.