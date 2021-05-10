Clear
SEVERE WX : Frost Advisory View Alerts

Colonial Pipeline wasn't the first and won't be the last cyber pirate attack

President Joe Biden shares how his administration responded to the fallout of a ransomware attack on the Colonial Pipeline, which supplies much of the eastern United States its gasoline.

Posted: May 10, 2021 7:30 PM
Updated: May 10, 2021 7:30 PM
Posted By: Analysis by Zachary B. Wolf, CNN

The fact that an apparent group of cyber pirates -- a secret criminal nerd syndicate -- can take down the aorta of fuel for the East Coast should be sending shockwaves through the country.

We've all read this year about the pandemic threatening supply chains and about climate change causing more freak weather that threatens power grids. Meanwhile, hackers have also gotten more brazen, locking companies key to the US infrastructure.

This week it's Colonial Pipeline. But it's been hospital systems. Cities. Schools. Everything from the city of Atlanta to the DC Police Department has been hit by ransomware.

And while they can't be tied in all or even most cases to foreign governments, that should not distract us from the fact that the US appears to be under attack.

For more straight reporting on Colonial Pipeline, read this CNN report from Zachary Cohen, Geneva Sands and Matt Egan explaining the broad strokes and business implications. This one from Kevin Liptak focuses on what the US government, and specifically President Joe Biden, is going to do about it.

Here are my takeaways:

The Colonial Pipeline is a vital piece of US infrastructure.

Spanning more than 5,500 miles, it transports about 45% of all fuel consumed on the East Coast. It transports 2.5 million barrels per day of gasoline, diesel, jet fuel and home heating oil. No disruptions have yet been felt from the shutdown of the pipeline, but this is not something that should be able to be shut down.

This sounds like an underground criminal syndicate.

The ransomware group claiming credit for the Colonial Pipeline attack is called DarkSide, originates from Russia and is thought to rent out its software to other hackers. The US has not specifically tied DarkSide to the Russian government, but rather thinks the group is operating for profit.

Related: More on DarkSide

This is apparently going to get worse.

"All of our industries are going through some form of digital transformation, which means they're becoming more connected and taking advantage of things like cloud resources. That connectivity allows adversaries to come into those systems and compromise them in these ways," Rob Lee, the CEO of Dragos, a cybersecurity firm, told CNN 's Jim Sciutto on Monday.

There are big targets and small targets.

A good portion of the country could feel the pinch of higher gas prices and potential jet fuel shortages as Colonial Pipeline races to bring itself fully back online. That is a very big attack.

Fewer people were directly hurt when the DC Police Department was targeted and hackers threatened to release information on confidential informants.

The range of targets is extensive.

"Everybody is vulnerable," said Lee. "We are going to experience attacks. The real question is how we're going to be more responsive and more resilient in the face of those attacks so that the consequence doesn't impact our daily lives."

There's a lot we don't know.

The exact nature of the Colonial Pipeline attack, whether there were demands or it was discovered, is not clear from the company's statements. PC Mag reported in April on how communications from ransomware extortionists can read and how they exert pressure on companies to pay ransom rather than have sensitive data released to customers.

For every attack you hear about, there are others you don't.

More than two dozen government agencies in the US have been hit this year alone, according to experts. Homeland Security Secretary Alejandro Mayorkas raised the alarm about these attacks just last week, in a speech before the US Chamber of Commerce before Colonial Pipeline was hit, calling them an "existential threat" to businesses.

More than $350 million in victim funds -- ransom, essentially -- was paid as a result of ransomware in the past year, and the rate of ransomware attacks increased over the prior year by more than 300%, he said.

This will influence the debate over Biden's plan to update US infrastructure.

Look for a coming debate over whether Biden's $2 trillion plan to update the country's infrastructure does enough to protect it from cyberattacks. Politico wrote in April about concerns that there was not enough attention in the plan to securing the new infrastructure. On the other hand, the existing infrastructure is clearly susceptible to attack.

Government hacks vs. ransomware attacks.

Before this Colonial Pipeline ransomware attack, the main recent US breach this year had come not from ransomware pirates seeking a payday, but from Russian hackers potentially seeking intelligence, who got in by hacking software from a Texas company, SolarWinds. They infiltrated at least nine US government agencies, including the Department of Homeland Security, and scores of private companies.

Separately, a Chinese-linked hack of Microsoft Exchange servers across the globe likely compromised data that could lead to more attacks.

There's may be little functional difference between ransomware pirates and foreign governments hacking US systems.

Here's an excellent quote from Chris Krebs, who until last November was director of the Cybersecurity and Infrastructure Security Agency at DHS. He told CNN that the distinction between a Russian state actor and a crime network operating inside Russia is "increasingly irrelevant."

"Ransomware crews have been operating out of Russia for years, with great effect on our schools, on our state and local government agencies, on our health care facilities," he said. "They have effectively the tacit approval of the Russian government, and it has to end."

A lot of the infrastructure we rely on is privately owned.

I am struck in CNN's reports at the bright line between Colonial Pipeline, the private company carrying fuel through the pipeline, and the US, whose infrastructure depends on it.

The tidbit in Liptak's story that caught my eye is that Colonial Pipeline has not asked the government for help.

"This weekend's events put the spotlight on the fact that our nation's critical infrastructure is largely owned and operated by private sector companies," said Elizabeth Sherwood-Randall, the White House homeland security adviser. "When those companies are attacked, they serve as the first line of defense and we depend on the effectiveness of their defenses."

Anne Neuberger, the top official responsible for cybersecurity on the National Security Council, said Colonial Pipeline had not asked for "cyber-support" from the federal government but that federal officials were ready and "standing by" to provide assistance if asked.

Neuberger would also not say if Colonial Pipeline had paid ransom, but noted that companies are in a "difficult situation."

Related Content

Scroll for more content...

Minnesota Coronavirus Cases

Data is updated nightly.

Cases: 587762

Reported Deaths: 7324
CountyCasesDeaths
Hennepin1217771724
Ramsey50848870
Dakota45493446
Anoka41276436
Washington26615280
Stearns22077221
St. Louis17637302
Scott17137124
Wright15873139
Olmsted1316498
Sherburne1157185
Carver1041645
Clay811792
Rice7991106
Blue Earth744441
Crow Wing658688
Kandiyohi650683
Chisago589051
Otter Tail571778
Benton563697
Goodhue474972
Mower463732
Douglas463674
Winona451850
Itasca428053
McLeod420258
Morrison416260
Isanti415364
Nobles407148
Beltrami391058
Steele383915
Polk382268
Becker377950
Lyon359250
Carlton343553
Freeborn340729
Pine326222
Nicollet322743
Brown304040
Mille Lacs300352
Le Sueur288222
Todd280432
Cass269028
Meeker253740
Waseca236222
Martin229731
Roseau207519
Wabasha20473
Hubbard186341
Dodge18313
Renville178643
Redwood172636
Houston171315
Cottonwood164221
Fillmore155310
Wadena154522
Pennington153619
Chippewa151638
Faribault151119
Kanabec143224
Sibley142310
Aitkin133936
Watonwan13189
Rock127819
Jackson121811
Pipestone114726
Yellow Medicine113820
Pope10916
Murray10609
Swift104818
Stevens90211
Marshall87817
Clearwater86116
Koochiching81715
Lake80819
Wilkin80412
Lac qui Parle75022
Big Stone5984
Lincoln5773
Grant5678
Mahnomen5459
Norman5399
Unassigned48693
Kittson48422
Red Lake3957
Traverse3685
Lake of the Woods3213
Cook1590

Iowa Coronavirus Cases

Data is updated nightly.

Cases: 365723

Reported Deaths: 5925
CountyCasesDeaths
Polk57406622
Linn20778334
Scott19903240
Black Hawk15777308
Woodbury15105228
Johnson1444083
Dubuque13347209
Dallas1114698
Pottawattamie11082168
Story1058248
Warren575088
Clinton552792
Cerro Gordo537889
Sioux513474
Webster511493
Marshall482075
Muscatine476299
Des Moines453266
Wapello4288122
Buena Vista424240
Jasper417771
Plymouth400480
Lee374255
Marion361075
Jones297357
Henry290837
Carroll285152
Bremer283360
Crawford265840
Boone263334
Benton255455
Washington253650
Dickinson247843
Mahaska229551
Jackson221142
Kossuth215264
Clay215125
Tama209171
Delaware208740
Winneshiek196834
Page192622
Buchanan190531
Cedar189223
Hardin184943
Fayette184741
Wright184236
Harrison179373
Hamilton179249
Clayton169456
Butler164634
Mills161722
Madison161419
Floyd160142
Cherokee158538
Lyon157541
Poweshiek154733
Allamakee150951
Iowa148224
Hancock147034
Winnebago141631
Cass137854
Calhoun137313
Grundy136233
Emmet134140
Jefferson132335
Shelby130537
Sac130119
Union128133
Appanoose127949
Louisa127849
Mitchell125842
Chickasaw123915
Guthrie120829
Humboldt118826
Franklin118121
Palo Alto112423
Howard104422
Montgomery103238
Clarke99824
Unassigned9770
Keokuk95531
Monroe95129
Ida90234
Adair86332
Pocahontas85322
Monona82830
Davis82524
Osceola78216
Greene77610
Lucas77123
Worth7428
Taylor65712
Fremont6229
Decatur6069
Van Buren55718
Ringgold55524
Wayne53623
Audubon50710
Adams3384
Rochester
Mostly Cloudy
52° wxIcon
Hi: 55° Lo: 39°
Feels Like: 52°
Mason City
Cloudy
54° wxIcon
Hi: 58° Lo: 44°
Feels Like: 54°
Albert Lea
Cloudy
54° wxIcon
Hi: 55° Lo: 42°
Feels Like: 54°
Austin
Cloudy
52° wxIcon
Hi: 55° Lo: 42°
Feels Like: 52°
Charles City
Cloudy
° wxIcon
Hi: 57° Lo: 44°
Feels Like: °
Gradual warm-up this week
KIMT Radar
KIMT Eye in the sky

Most Popular Stories

Latest Video

Image

RCTC scholarship donation

Image

Aaron's Evening Forecast (5/10/21)

Image

Construction season begins in Rochester

Image

Sean's Weather 5/10

Image

Kasson State Theatre trying to bounce back during the pandemic

Image

Celebrating Mother's Day

Image

Bruins chasing last playoff spot

Image

USA Curling Headquarters moving to Minnesota

Image

Aaron's Sunday Night Forecast (5/9/21)

Image

Motorcycle group wants people to be aware of riders

Community Events