Ransomware Cyberattack Forces Major US Pipeline Company to Halt Operations
Saturday May 8, 2021. 07:34 PM , from Slashdot
'Colonial Pipeline, which accounts for 45% of the East Coast's fuel, said it has shut down its operations due to a cyberattack,' reports ZDNet. 'The attack highlights how ransomware and other cyberattacks are increasingly a threat to real-world infrastructure.
'The company delivers refined petroleum products such as gasoline, diesel, jet fuel, home heating oil, and fuel for the U.S. Military.'
UPDATE: Saturday the company confirmed that the attack involved ransomware.
The Associated Press reports:
Colonial Pipeline said the attack took place Friday and also affected some of its information technology systems. The Alpharetta, Georgia-based company said it hired an outside cybersecurity firm to investigate the nature and scope of the attack and has also contacted law enforcement and federal agencies. 'Colonial Pipeline is taking steps to understand and resolve this issue,' the company said in a late Friday statement. 'At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline.'
Oil analyst Andy Lipow said the impact of the attack on fuel supplies and prices depends on how long the pipeline is down. An outage of one or two days would be minimal, he said, but an outage of five or six days could causes shortages and price hikes, particularly in an area stretching from central Alabama to the Washington, D.C., area. Lipow said a key concern about a lengthy delay would be the supply of jet fuel needed to keep major airports operating, like those in Atlanta and Charlotte, North Carolina.
The precise nature of the attack was unclear, including who launched it and what the motives were...
Mike Chapple, teaching professor of IT, analytics and operations at the University of Notre Dame's Mendoza College of Business and a former computer scientist with the National Security Agency, said systems that control pipelines should not be connected to the internet and vulnerable to cyber intrusions. 'The attacks were extremely sophisticated and they were able to defeat some pretty sophisticated security controls, or the right degree of security controls weren't in place,' Chapple said...
The article also points out the U.S. government says it's 'undertaking a new effort to help electric utilities, water districts and other critical industries protect against potentially damaging cyberattacks....to ensure that control systems serving 50,000 or more Americans have the core technology to detect and block malicious cyber activity.
The White House has announced a 100-day initiative aimed at protecting the country's electricity system from cyberattacks by encouraging owners and operators of power plants and electric utilities to improve their capabilities for identifying cyber threats to their networks. It includes concrete milestones for them to put technologies into use so they can spot and respond to intrusions in real time. The Justice Department has also announced a new task force dedicated to countering ransomware attacks...
Read more of this story at Slashdot.
Aug, Tue 3 - 12:24 CEST