Any shortcomings by Colonial would be especially egregious given its critical role in the U.S. energy system, providing the East Coast with 45% of its gasoline, jet fuel and other petroleum products.
Smallwood, a partner at iMERGE and managing director of the Institute for Information Governance, said he prepared a 24-month, $1.3 million plan for Colonial. While iMERGE’s audit was not directly focused on cybersecurity “we found many security issues, and that was put in the report.”
Colonial’s statements Wednesday suggest it may have heeded a number of Smallwood’s recommendations. In addition, it says it has active monitoring and overlapping threat-detection systems on its network and identified the ransomware attack “as soon as we learned of it.” Colonial said its IT network is strictly segregated from pipeline control systems, which were not affected by the ransomware.
Pipeline Hack Points to Growing Cybersecurity Risk for Energy System
Energy infrastructure has increasingly come under assault, and analysts said the attack that cut off fuel supplies this week should be a “wake-up call.”
Cars lined up for gasoline in Charlotte, N.C., on Tuesday.Credit.Logan Cyrus/Agence France-Presse Getty Images
Published May 13, 2021Updated May 18, 2021
WASHINGTON The audacious ransomware attack that shut down a major fuel pipeline and sent Americans scrambling for gasoline in the Southeast this week was not the first time hackers have disrupted America’s aging, vulnerable energy infrastructure. And it’s unlikely to be the last.
A
If the Colonial Pipeline hack is a wakeup call, it feels like we’ve been pushing the snooze button since at least 2003. Homeland Security Presidential Directive 7, issued that December, identified “a wide array of critical infrastructure and key resources” as “potential terrorist targets,” including the possibility of cyberattacks. Almost two decades on, the East Coast’s main fuel artery is offline, gas tanks are running dry across the Southeast and the government is warning the more innovative drivers among us not to fill plastic bags with gasoline. So maybe HSPD-7 didn’t quite cut it.
This year is like a grotesque showcase for the inherent vulnerabilities of energy networks. In February, Texas suffered a brutal breakdown in its electricity grid. Now, the Colonial Pipeline’s takedown by ransomware, while continuing and still lacking for details, is a shocking reminder that whatever’s connected can be infected.
Natural gas pipeline company hits pause button mailtribune.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from mailtribune.com Daily Mail and Mail on Sunday newspapers.
The oil and gas industry and some Republican leaders are resisting new calls for mandated cybersecurity standards for pipelines in the wake of the ransomware attack on the Colonial Pipeline.