For The Record

Pipeline cyberattack serves as wake-up call to protect infrastructure

By: - May 14, 2021 7:22 am

The nearly weeklong shutdown of Colonial Pipeline’s fuel operations led to a rush and eventual fuel shortage at gas stations like this Ackworth Texaco on Wednesday. By Thursday, Colonial had resumed fuel delivery to all of its markets following the cyberattack. Ross Williams/Georgia Recorder

The ransomware attack against Colonial Pipeline that shut down access to a pipeline that supplies fuel along the East Coast is sparking new calls to beef up protection of the nation’s energy infrastructure.

Colonial announced on Thursday afternoon that fuel was flowing through Atlanta and the rest of its markets but that there would likely be several more days of intermittent service interruptions.

“Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal,” the company said in a statement. 

But resolving the ransomware attack that took the 5,500-mile pipeline off line reportedly cost Colonial almost $5 million in ransom to a group of hackers. The FBI typically does not recommend victims of cyber attacks pay ransoms.

Bloomberg was the first media outlet Thursday to report that Alpharetta-based Colonial Pipeline paid the ransom through cryptocurrency to regain control of the computer system needed to operate the pipeline. 

President Joe Biden announced Thursday that the U.S. Justice Department launched a new task force to prosecute cyber attackers. 

Biden said a new executive order calls for federal agencies to work more closely with private companies to better protect electrical, natural gas, fuel and water systems, and other critical infrastructure. 

“This event is providing an urgent reminder of why we need to harden our infrastructure and make it more resilient against all threats, natural and manmade,” Biden said. “My administration is continuing to safeguard our critical infrastructure, the majority of which is privately owned and managed.”

Biden and Colonial Pipeline representatives have declined to comment when asked about the ransom payments. The company did not respond to a request for comment from the Recorder.

The FBI confirmed Thursday that the hackers are part of DarkSide, a group believed to be from Russia but doesn’t appear to have ties to the Russian government. 

The good news for Colonial Pipeline, which supplies 45% of the fuel along the Eastern Seaboard, is back up and running while avoiding any long-term damage. Still, it should also be another wake-up call about how serious these threats are to infrastructure, said Timothy Lieuwen, the Strategic Energy Institute executive director at Georgia Tech.

Although the federal government can’t dictate how a private company manages its cyber system, it can provide a strong resource supporting those efforts, he added.

“There’s a lot of talk about sticks – forcing companies to satisfy certain requirements,” Lieuwen said. “But I think we should spend just as much time on the carrots. How do you incent companies? How do you incent small businesses? How do you incent this American business ecosystem to bring all its guns and resilience and not just its lowest cost services?”

Georgia’s governmental entities are also no strangers to feeling the effects of online attackers. In 2018, Atlanta became a victim of the largest ransomware breach of an American city. A year later, hackers infiltrated records used by the Georgia State Patrol officers and blocked dozens of courts from accessing software and data.

In response to the 2019 attack, Gov. Brian Kemp created a cybersecurity board made up of experts within the Georgia National Guard, Emergency Management Homeland Security Agency, Georgia Cyber Security Center in Augusta and other agencies.

In the wake of the Colonial Pipeline ransomware attack, the governor renewed the state’s commitment to strengthening its cyber security protocols. 

“(The cybersecurity)  advisory board will be coordinating with state agencies so that they are being as proactive as possible in preventing any other potential attacks to our state systems,” Kemp said during a press conference Wednesday. 

Lieuwen said that the government and universities like Georgia Tech can also help close the workforce gap in cyber-related jobs. 

“This is a real opportunity for the state of Georgia team to step up and really help our country,” he said. “We have a lot of assets, a lot of resources that we can bring to bear.”

Our stories may be republished online or in print under Creative Commons license CC BY-NC-ND 4.0. We ask that you edit only for style or to shorten, provide proper attribution and link to our web site. Please see our republishing guidelines for use of photos and graphics.

Stanley Dunlap
Stanley Dunlap

Stanley Dunlap has covered government and politics for news outlets in Georgia and Tennessee for the past decade. The Georgia Associated Press Managing Editors named Stanley a finalist for best deadline reporting. The Tennessee Press Association honored him for his reporting on the disappearance of Holly Bobo.