The ransomware attack that forced the closure of the largest U.S. fuel pipeline this weekend showed how cybercriminals pose a far-reaching threat to the aging, vulnerable infrastructure that keeps the nation’s energy moving.
Colonial Pipeline Co. closed its entire 5,500-mile conduit carrying gasoline and other fuels from the Gulf Coast to the New York metro area Friday as it moved to contain an assault that involved ransomware, code that holds computer systems hostage. So far, no evidence has emerged that the attackers penetrated the vital control systems that run the pipeline, according to people familiar with the matter.
But the consequences of an infection spreading to that deeper layer are dire for any energy company. Many machines that control pipelines, refineries and power plants are well past their prime, have few protections against sophisticated attacks and could be manipulated to muck with equipment or cause damage, cybersecurity experts say.
Last year, a ransomware attack moved from a natural-gas company’s networks into the control systems at a compression facility, halting operations for two days, according to a Department of Homeland Security alert. The company, which Homeland Security didn’t name, didn’t have a plan to respond to a cyberattack, the agency said.
The Colonial ransomware attack is a high-profile example of the online assaults that U.S. companies, schools, hospitals and other organizations now face regularly. It should also serve as a wake-up call for the energy industry’s particular exposure, according to consultants and others who work with companies to shore up cybersecurity.
