Colonial Pipeline attack tip of the infrastructure risk iceberg: DHS cyber chief

The Colonial Pipeline attack is said to be the work of the Russian ransomware group Darkside.

After a hacking group forced Colonial Pipeline, the nation's largest system for refined oil products, to shut down suddenly, government officials are warning that cyberattacks against U.S. businesses and infrastructure will become more frequent.

Acting Cybersecurity and Infrastructure Security Agency (CISA) Director Brandon Wales made that clear during a Q&A while testifying before lawmakers on the Senate Homeland Security Committee.

"If [there is] ransomware focused on Colonial, there is likely to be ransomware focused on other critical infrastructure as well, isn't that true?" asked Sen. Rob Portman, R-Ohio, the ranking member of the committee.


"That is true," Wales responded. 

After more than 100 major attacks in the last decade — including a 2020 attack that saw five Chinese hackers indicted — there has not been any major legislation that offers full protection for U.S. companies. The Biden administration is reportedly considering an executive order to ramp up safety standards for federal agencies that could be threatened.

And it can't come soon enough. The attack on the Colonial Pipeline, said to be the work of Russian ransomware group Darkside, is straining supply and panicking drivers, who have lined up at gas stations up and down the East Coast, with North Carolina and Virginia declaring a state of emergency.

"This is potentially the most substantial and damaging attack on U.S. critical infrastructure ever. It shows that cyberattacks can have tangible, real-world consequences," Sen. Portman remarked. 

The hearing comes as fuel shortages have widened up and down the East Coast, with consumers continuing to panic buy in the aftermath of the cyberattack on the pipeline.

Colonial Pipeline Company connects refineries with customers and markets throughout the Southern and Eastern United States through a pipeline system that spans more than 5,500 miles between Houston, Texas and Linden, New Jersey.

Colonial Pipeline’s 5,500-mile system transports more than 100 million gallons of gasoline, diesel, jet fuel and heating oil per day, or roughly 45% of the fuel consumed on the Eastern Seaboard between the Gulf Coast and the New York metro area. 

The fallout could be swift as lawmakers want answers to ensure an attack of this magnitude doesn't happen again, with Portman questioning the process by which CISA was notified.

"If the FBI had not brought you in, would Colonial do you think, have contacted you to ask for your assistance?" Portman asked Wales. 

"No," he replied. 

"Do you think that's a problem?" the retiring Ohio legislator questioned.  

"I think that there is benefit when CISA is brought in quickly," Wales stated. 

And already, some lawmakers are rushing to improve the safeguards surrounding the infrastructure. 

In a letter to Wales, Rep. John Katko, R-N.Y., the ranking member of the House Committee on Homeland Security, noted that the Pipeline Cybersecurity Initiative, housed within the National Risk Management Center (NRMC), has shown promise as a voluntary, public-private partnership to evaluate pipeline assets with a Validated Architecture and Design Review (VADR).

"These VADR assessments have proven effective at identifying a wide range of potential vulnerabilities within pipeline systems – some of which have been publicly distilled," wrote Katko. "Better understanding common security flaws and common misconfiguration issues is in everyone’s best interests, and these aggregated insights will help enhance national resilience. For this reason, my CISA appropriations request sent last week proposed an increase of 50% for the infrastructure analysis mission in the NRMC’s budget."


Katko continued, "Now, in the wake of the Colonial Pipeline ransomware incident, ensuring the success, growth, and effectiveness of the Pipeline Cybersecurity Initiative is more important than ever before."