Oil industry rattled by cyberattack on US gas pipeline

10 May 2021

Image: © Roger Asbury/Stock.adobe.com

The attack last week forced the US government to pass emergency legislation, while oil prices in the country have increased.

After a cyberattack on a major gas pipeline, the US passed emergency legislation over the weekend around how fuel can be transported.

Hackers targeted the Colonial Pipeline on Friday (7 May) with a ransomware attack and siphoned off data from its network. The 8,850km-long pipeline runs from Texas to New York and carries almost half of the US east coast’s supply of fuel.

The attack knocked much of the pipeline’s network offline, with operators scurrying to restore services over the weekend.

According to a report from Bloomberg, the attackers are part of a cybercrime group called DarkSide and managed to steal nearly 100GB of data before the attack was detected. NBC News reported that the group may have ties to Russia.

The Biden administration’s emergency legislation loosens up rules around how fuel can be transported, allowing for greater use of road transport of fuel in certain states.

The declaration stated that the “emergency is in response to the unanticipated shutdown of the Colonial pipeline system due to network issues that affect the supply of gasoline, diesel, jet fuel and other refined petroleum products”.

There are fears that the attack could cause a spike in oil prices and this morning (10 May) US petrol prices were up 1.5pc. But an impact will be felt if there are any further delays in getting the pipeline fully functioning again, which could lead to higher prices for consumers refilling their cars.

A cyberattack such as this has highlighted the real-world implications of attacking physical infrastructure.

“This could be the most impactful ransomware attack in history, a cyber disaster turning into a real-world catastrophe,” Andrew Rubin, chief executive of cybersecurity company Illumio, said.

“It’s an absolute nightmare, and it’s a recurring nightmare. Organisations continue to rely and invest entirely on detection as if they can stop all breaches from happening. But this approach misses attacks over and over again,” he said

“Before the next inevitable breach, the president and Congress need to take action on our broken security model.”

Jonathan Keane is a freelance business and technology journalist based in Dublin

editorial@siliconrepublic.com