Experts weigh in on what the Colonial attack teaches critical infrastructure providers about preparation and incident response.
In one of the most disruptive cybersecurity incidents to take place in the United States, Georgia-based Colonial Pipeline announced late Friday that it was the victim of a cyberattack, later confirmed to be a ransomware attack. The company said it proactively took specific systems offline and halted all pipeline operations.
Colonial called in federal authorities and hired FireEye Mandiant to conduct an incident response investigation. On Sunday, the third day of its shutdown, Colonial said it was developing a system restart plan while keeping its four main oil lines offline. The company said it would bring its “full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations.”
News of Colonial’s shutdown reverberated all weekend throughout the cybersecurity world, given how critical Colonial’s pipeline business is to the nation’s economic health. Colonial transports 2.5 billion barrels of oil per day to the eastern US and connects to 30 refineries and almost 300 distribution terminals. It carries gas and other fuel from Texas to the Northeast, delivering around 45% of the fuel consumed on the East Coast.
The criticality of Colonial Pipeline to the national infrastructure became clear late Sunday when the Biden administration issued emergency waivers in response to the cyberattack, lifting limits on the transportation of fuels by road as fears of shortages began to put upward pressure on oil and gas prices. Commerce Secretary Gina Raimondo said that the President had been briefed, and it’s an “all-hands-on-deck” situation to ensure the attack doesn’t disrupt the US oil supply.
This article appeared in CSO Online.