On May 7, 2021, Colonial Pipeline announced a ransomware attack on their systems. As one of the largest pipelines in the United States, providing nearly 50% of the East Coast’s supply of gasoline, this attack had significant repercussions, including a rush to stock up on gasoline in Eastern states and a resulting temporary gas shortage.
Though operations went back to normal within the week, this attack raised important questions about America’s approach to cybersecurity. In response, President Joe Biden signed an executive order intended to increase resilience to the increasingly sophisticated and frequent cyber attacks on American infrastructure.
What Caused the Pipeline Hack?
The Colonial Pipeline cyber attack was carried out by the hacking group DarkSide, based in Eastern Europe. DarkSide likely gained access to Colonial Pipeline systems through the use of a leaked VPN password. The company did not have two-factor authentication, which left it more vulnerable.
DarkSide has stated that their attack was driven by the desire for financial gain rather than by a political motivation. Though Colonial Pipeline recovered some of the $4.4 million in bitcoin they paid to DarkSide, the effects of this attack were not insignificant.
Upon announcing the ransomware attack, Colonial Pipeline paused its operations and froze its IT systems. This caused consumer fears about gasoline shortages, leading to panic buying and long gas lines. Some took their panic further, making the dangerous decision to fill up plastic bags with gasoline out of desperation. Due to increased demand and low supply, gas prices skyrocketed.
The aftermath of this attack spurred President Biden to issue a cybersecurity executive order to prevent and prepare for future attacks.
The Cybersecurity Executive Order
The new executive order on cybersecurity is intended to improve preparedness for cyber attacks through increased collaboration and communication between the federal government and private organizations. The federal government’s previous approach had been primarily responsive, partly due to the complexity and cost of creating a preventative approach.
The executive order contains the following changes:
- Increases the ability to detect breaches and improves reporting and logging of any incidents that occur
- Employs an “Energy Star” system that informs consumers about the degree of safety of a system and its software
- Creates a new committee, known as the Cybersecurity Safety Review Board
- Ensures there is a standardized response to cyber attacks at the federal level
- Increases ease of information sharing between public and private sectors
Increased Security and DFARS Compliance
Department of Defense contractors are already required to comply with DFARS. DFARS is a set of strict cybersecurity regulations and standards. At a minimum, Department of Defense contractors must ensure that there is an adequate provision of security, as well as report any cyber incident that occurs as quickly as possible.
Although DFARS provides comprehensive guidance on what constitutes adequate security, this new executive order fleshes this out further. DFARS also only extends to Department of Defense contractors. Thus, the new executive order may encourage other government agencies to develop and implement their own cybersecurity networks.
Though it’s not known when the next cyber attack on major US infrastructure will occur, the Colonial Pipeline hack certainly wasn’t the last. The White House’s renewed focus on cybersecurity will ensure that the private sector is ready the next time hackers strike.