Hit by a cyberattack, the operator of a major U.S. fuel pipeline said he expects services to be restored mostly over the weekend as FBI and administration officials identified the culprits as a gang of hackers.
U.S. officials tried to allay concerns about rising prices or damage to the economy by stressing that fuel supply had so far not experienced widespread disruptions and the company said it was working to “substantially restore operational service. ” the weekend.
He White house He said in a statement Monday afternoon that he was monitoring supply shortages in some areas of the southeast and that President Joe Biden had commissioned federal agencies to bring their resources within reach.
Colonial Pipeline, which delivers about 45% of the fuel consumed on the east coast, stopped operations last week after revealing a ransomware attack which he said had affected some of his systems.
However, the attack highlighted the nation’s vulnerabilities energy sector and other critical industries whose infrastructure is privately owned. Ransomware attacks are typically carried out by hackers who encrypt the data, paralyzing the networks of victims and demanding large payments to decrypt it.
The colonial attack was a powerful reminder of the real-world implications of the expanding threat. While the Biden administration is working to deal with organized piracy campaigns sponsored by foreign governments, it must fight hard-to-prevent attacks by cybercriminals.
“We need to invest to safeguard our critical infrastructure,” Biden said Monday. Energy Secretary Jennifer Granholm said the attack “tells you how vulnerable we are” to cyberattacks on US infrastructure.
The attack came as the administration, which is still struggling with its response to massive breaches by Russia of federal agencies and private corporations, is working on an executive order aimed at strengthening cybersecurity defenses. He Department of Justicemeanwhile, it has formed a ransomware working group designed for situations like Colonial Pipeline, and on April 20 the Department of Energy announced a 100-day initiative focused on protecting energy infrastructure from cyber threats. Similar actions are planned for other critical industries, such as water and natural gas.
Despite this, the challenge facing the government and the private sector remains immense.
In that case, the FBI publicly blamed Monday for saying the criminal syndicate whose ransomware was used in the attack is called DarkSide. The members of the group are Russian-speaking and the malware of the union is coded not to attack the networks using keyboards in Russian.
Anne Neuberger, the White House’s deputy cybersecurity and emerging national security adviser, said in a briefing that the group has been on the FBI’s radar for months. He said his business model is to demand ransom payments from victims and then split revenue with ransomware developers, based on what he said was a “new and very worrying variant.”
She refused to say if Colonial Pipeline had paid any ransom and the company has given no indication one way or another. While the FBI has historically discouraged victims from making payments for fear of promoting additional attacks, it acknowledged the “extremely difficult” situation facing victims and said the administration should look “closely at this area. “the best way to deter ransomware.
“Given the rise of ransomware, this is one of the areas we are definitely looking at now to say,‘ What should be the government’s focus on ransomware actors and on bailouts in general? “”
At a national security conference, Neuberger later stated on the same day that the administration was committed to harnessing the government’s massive purchasing power to ensure that software makers make their products less vulnerable to hackers.
“Security can’t be a thing of the past,” Neuberger said. “We don’t buy a car and only then do we decide if we want to pay for seat belts and airbags.”
The United States sanctioned the Kremlin last month for an attack by federal government agencies, known as the failure of SolarWinds, which officials have linked to a Russian intelligence unit and which was characterized as an operation. intelligence gathering.
In this case, however, it is not known that hackers work at the behest of any foreign government. The group posted a statement on its dark website describing itself as apolitical. “Our goal is to make money and not create problems for society,” DarkSide said.
Asked on Monday if Russia was involved, Biden said: “” I will meet with President (Vladimir) Putin and so far there is no evidence based on, by our intelligence people, that Russia is involved, although there is evidence that the actors, ransomware, are in Russia.
“They have some responsibility to deal with that,” he added.
U.S. officials have tried to avoid worries about the possibility of a persistent economic impact and disruption of fuel supply, especially given Colonial Pipeline’s key role in transporting gasoline, aircraft fuel, diesel and others. petroleum products between Texas and the east coast.
Colonial is in the process of restarting parts of its network. He said Monday he was evaluating the inventory of products in storage tanks at his facilities. Administration officials noted that Colonial proactively withdrew some of its offline systems to prevent ransomware from migrating from enterprise computer systems to those that control and operate the pipeline.
In response to the attack, the administration relaxed regulations for the transportation of petroleum products to the roads as part of a “practical on-deck” effort to avoid disruptions in fuel supply.
“The timing of the disruption is approaching critical levels and if it continues to remain low, we expect an increase in East Coast petrol and diesel prices,” said Debnil Chowdhury, executive director of IHS Markit. The last time an outage of this magnitude occurred was in 2016, he said, when gas prices rose 15 to 20 cents per gallon. The northeast had a significantly greater local refining capacity at the time.
According to Third Bridge analysts, the pipeline uses both common and custom technology systems, which could complicate efforts to get the entire network back online.
Granholm, the Energy Secretary, said that “cyber attacks on our critical infrastructure (especially energy infrastructure) are not going away.”
“This is a serious example of what we are seeing in many places and it tells you that we need to invest in our systems, our electricity transmission network. We need to invest in cyber defense in these energy systems.” He told Bloomberg TV.
The attack has not affected the petrol supply, he said, “but if it lasts too long, of course, that will change.”
Futures on gasoline rose Monday. Crude oil and fuel futures, prices paid by traders for future delivery contracts, typically begin to rise each year as the driving season approaches. The price you pay at the pump usually follows.
The average U.S. price of regular-grade gasoline has jumped 6 cents in the past two weeks, to $ 3.02 a gallon, which is $ 1.05 higher than a year ago. The figures from a year ago stand out a bit because the nation was closed due to the pandemic.
The attack on the colonial pipeline could exacerbate upward pressure on prices if not resolved for a period of time.