By: Sahana Vijay Krishna and Alexandra Li
Colonial Pipeline Co., the largest refined-products pipeline in the U.S. and the main pipeline carrying gasoline and diesel fuel to the East Coast, was shut down after being hit with a cyberattack on May 6, 2021. The roughly 5,500-mile pipeline system transporting fuel from Gulf Coast refiners to the New York metro area was able to restart some smaller lines. However, its main pipelines remain shut down.
The group allegedly responsible for the cyberattack, DarkSide, said in a statement that its goal was only to make money, not to disrupt society. DarkSide is speculated to be based in Eastern Europe or Russia, as the languages involved include Russian, Ukrainian, Kazakh, and other languages formerly associated with the Soviet Union.
The cyberattack sparked major concerns about the problems and lack of security in America’s energy sector. If the pipeline continued to be closed down for five days or more, fuel shortages could largely affect retail gas stations along the entire East Coast.
The vulnerabilities of the energy industry were prominent for years before the attack, but no action was taken to ramp up the defenses. Officials thought it was safe because energy infrastructure is not connected to the internet, but new software such as ransomware allows cybercriminals to control operational systems. In 2020, energy companies took on the third most attacks out of all the industries.
The Colonial Pipeline attack exposed the magnitude of the problem facing America’s energy sector and it significantly highlighted the lack of protections against cyberattacks. The energy industry is a big target because of its millions of miles of pipeline and broad network of sensors, pressure controlling valves, leak detection systems, refineries, and electric utilities. This was a warning for companies to start building defenses to protect control systems.