Colonial Pipeline hack latest in rising threat of ransomware attacks

Long lines and dry pumps at gas stations across the East Coast this week alerted Americans to the growing threat of cyberattacks on the systems that control many aspects of their lives and safety. 

Security experts say the ransomware attack that led to a five-day shutdown of Colonial Pipeline Co.’s lines supplying fuel to 14 states was just the latest of hundreds of such hacks on critical industries in the past year. Meanwhile, recommendations from security watchdogs that would bolster protections against such threats have gone unheeded. 

The tightest security would disconnect critical systems from the internet, experts say, as nuclear plants are required to do. And the government could mandate other security protocols rather than make recommendations with no penalties for non-compliance. 

“The United States is one of the few countries that doesn’t have any regulation at a national level for cybersecurity for its critical infrastructure,” said Eric Cole, who served on the Center for Strategic and International Studies’ Commission on Cyber Security during the Obama administration and whose book Cyber Crisis comes out next month.   

The number of attacks on companies that provide essential services from banking and electricity to ambulances and agriculture has risen steadily over the past decade with more than 250 ransomware assaults launched on U.S. entities considered critical infrastructure in 2020 alone, according to data compiled by Temple University.   

Those included railroad systems, courts, jails, police departments, school districts, electric utilities and city halls big and small.  

And now, the Colonial Pipeline. 

“This is the one people have been warning about for some time, that they could physically incapacitate infrastructure,” Malcolm Nance, a retired Navy counter-terrorism intelligence officer of 35 years and author of multiple books on national security, said of the Colonial hack. “Now we need an all-hands-on-deck review of the entire internet-controlled infrastructure of the U.S. — that’s oil, that’s gas, natural gas, water.”  

In Graphics:US gas prices rise as Colonial Pipeline reopens after ransomware attack

Ransom:Colonial Pipeline reportedly pays $5M in cryptocurrency to hackers to end ransomware cyberattack

There currently are no federal regulations on cybersecurity measures for most private companies – even those that provide vital supplies and services, like oil and gas.