Discerning Data

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy

Disruptionware VI: Cyber-Attack against Colonial Pipeline Illustrates Continued Vulnerability of American Energy and Infrastructure Targets

Disruptionware attacks have become increasingly common over the last few months. Just last month, I wrote about a dangerous disruptionware attack against a Florida Water Treatment Center that could have been a mass casualty event. For more information on these types of attacks, please refer to our posts on different types of disruptionware attacks and how disruptionware attacks work.

On May 7, 2021, a major U.S. gasoline pipeline was shut down by a strategically delivered disruptionware attack. Colonial Pipeline, which transports over 100 million gallons of gasoline and other fuel throughout the East Coast daily, was forced to pause operations and stop the pipeline’s transfer of fuel to many different cities and major airports. The scope and implications of this attack prompted remarks from President Biden, and both the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have been brought in to assist with the investigation.

Described as one of the “most disruptive digital ransom schemes ever reported,” this incident highlights the classic signs of a disruptionware attack. The initial attack was a ransomware attack, which is the most common type of disruptionware attack. These disruptionware cyber-attacks are highly effective at attacking – and shutting down – both the Information Technology (IT) and Operational Technology (OT) networks used by victims to conduct their activities. In this case, it appears that the hackers were able to infiltrate and shut down both IT and OT networks through the malware introduced into the pipeline’s control systems.

This attack, believed to have been perpetrated by the Russian cyber-criminal group “Darkside,” has caused Colonial Pipeline to take many of its operations offline. This has led to potential fuel shortages throughout the East Coast, affecting international airports, many cities, and states that rely on the pipeline for a flow of gasoline and other fuels. The affected pipeline provides over 45% of all fuel consumed on the East Coast, affecting over 50 million people. As of May 12, there are still four major veins of the Colonial Pipeline offline with no date noted for when full operations will return. According to news wires, the hackers stole more than 100 gigabytes of Colonial Pipeline’s data and are demanding a ransom in return for not releasing the stolen data to the public.

It is clear that the government is slowly coming around to the truth that much of the American energy industry, as well as major aspects of the U.S. infrastructure, has insufficient cyber security controls and defenses in place. Former CISA Director Christopher Krebs called these assaults on our major critical regional pipelines a sign that the cyber-attacks against our energy industry are “out of control.” According to Reuters, Senator Bill Cassidy from Louisiana, who sits on the Senate Energy Committee, commented that “the implications for this, for our national security, cannot be overstated.”

It appears clear, based on multiple media reports, that the alleged cyber threat actors were foreign state nationals. One question still unanswered is whether the attack was strictly financially motivated, or whether it was at the behest of a foreign nation state government designed to weaken our national infrastructure. According to Databreachtoday.com, “these pipelines have been designated critical infrastructure. Intentionally disrupting or damaging these systems can be considered an act of terrorism. As more is learned about the event, and as the motivation of the actor or actors becomes clear, we’ll find out if this event has taken us from a cold to a much warmer cyber conflict.”

After recent nationally highlighted cyber-attacks, including the Florida Water Treatment plant, SolarWinds and the Microsoft Exchange Server vulnerability attack, the Biden Administration has emphasized the need for greater cyber defenses around our nation’s power grid and other infrastructure targets. It is clear that it is now time to prioritize the cyber safety and security of our nation’s infrastructure from these nefarious and destructive cyber-attacks.

About the Author: Jason G. Weiss

Jason G. Weiss leverages a past career as a cybersecurity and computer forensics Supervisory Special Agent with more than 22 years of decorated service at the FBI to guide clients through the complex and high-stakes issues associated with cybersecurity incident preparedness and response and compliance. View Jason's full bio on the Faegre Drinker website.

May 12, 2021
Written by: Jason G. Weiss
Category: Disruptionware, Privacy
