The federal government has all hands on deck to help one of the largest fuel companies recover from a major cyberattack that halted its operations and is threatening consumers’ wallets, Commerce Secretary Gina Raimondo said Sunday.
The cyberassault on Georgia-based Colonial Pipeline Co., which operates one of the largest fuel pipelines in the U.S. and supplies about 45% of all fossil fuel consumed on the East Coast, underscores how havoc wreaked on critical infrastructure could quickly hurt people nationwide.
Experts worry that fuel prices are more likely to increase the longer Colonial’s stoppage or slowdown becomes.
A five- or six-day outage to Colonial could cause higher prices in an area stretching from central Alabama to the Washington metropolitan area, oil analyst Andy Lipow told Fox 5 in Atlanta.
Ms. Raimondo told CBS that the cyberattack is a “top priority” for the Biden administration and she will work closely with Homeland Security Secretary Alejandro Mayorkas on implementing the government’s response. She said President Biden was briefed about the attack Saturday.
“Unfortunately, these sorts of attacks are becoming more frequent. They’re here to stay, and we have to work in partnership with businesses to secure networks, to defend ourselves against these attacks,” Ms. Raimondo said on “Face the Nation.”
“As it relates to Colonial, the president was briefed yesterday. It’s an all-hands-on-deck effort right now. And we are working closely with the company, state and local officials to make sure that they get back up to normal operations as quickly as possible and there aren’t disruptions in supply,” she said.
Colonial said Saturday that the cyberattack began Friday and involved ransomware. The pipeline operator said it began working with a private cybersecurity company as well as law enforcement and federal government agencies.
Ransomware is malicious software that requires payment in exchange for returning access to data or systems held hostage by cyberattackers.
“In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations and affected some of our IT systems,” Colonial said in a statement Saturday.
The Cybersecurity and Infrastructure Security Agency has said it is working with Colonial and other federal agencies to help fix the problem.
The government and the company have not formally attributed the ransomware attack to anyone.
The cybersecurity firm Check Point Research has suggested that Ryuk ransomware might be giving Colonial fits.
“According to follow-up reports, it has been suggested that Ryuk ransomware is behind the attack. Ryuk, with more than 2,000 victims in 2021, is by far one of the most successful ransomware of recent years,” Ekram Ahmed, Check Point spokesperson, said in an email. “The U.S. is one of the favorite markets of Ryuk, where 15% of its efforts are invested in targeting American companies and organizations.”
Ryuk is believed to have been devised by Russian crime cartels.
Mr. Mayorkas, whose department oversees the Cybersecurity and Infrastructure Security Agency, said every organization needs to be vigilant to better protect against cyberattacks in general and ransomware in particular.
“This underscores the threat that ransomware poses to organizations regardless of size or sector,” the agency said in a statement published on Twitter. “We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”
According to Check Point Research, the number of attempted ransomware attacks against utilities organizations rose sharply in the first months of this year compared with the same period last year.
The damage of cyberattacks has been felt more acutely since the onset of the COVID-19 pandemic because it has pushed more people online.
The FBI detected an uptick in ransomware complaints in the final months of 2020, which coincided with ransomware attacks against hospitals and medical centers also burdened by the pandemic.
Beyond ransomware, major cyberintrusions have affected many levels of government in recent months.
A water treatment plant in Oldsmar, Florida, was breached in February by a hacker that appeared to benefit from poor password security and outdated systems. A plant operator ultimately prevented the hacker from causing damage.
More sophisticated hackers have infiltrated government systems elsewhere, and the subsequent overhaul of federal cybersecurity rules have come with a hefty price tag for taxpayers.
The Biden administration identified Russians as responsible for the hack of SolarWinds computer network management software that it said compromised nine federal agencies. Microsoft, meanwhile, identified China-based hackers as responsible for hacking its Microsoft Exchange servers.
The Biden administration imposed sanctions on Russia in response to the SolarWinds intrusions and secured $650 million for the Cybersecurity and Infrastructure Security Agency as part of a larger COVID-19 relief package.
Rep. Jim Langevin, Rhode Island Democrat, and Rep. Mike Gallagher, Wisconsin Republican, wrote to appropriators last month that the Cybersecurity and Infrastructure Security Agency would fail if it did not get $400 million more right away.
Mr. Biden has selected new cybersecurity leadership for the federal government, including National Security Agency Deputy Director John C. Inglis to serve as the nation’s first cybersecurity director and former NSA official Jen Easterly to lead the Cybersecurity and Infrastructure Security Agency.
Mr. Biden also selected former NSA official Anne Neuberger to serve as deputy national security adviser for cyber and emerging technology.