Homeland Security

Colonial Pipeline and DarkSide: Cyber Attacks Have Real World Consequences

Cyber attacks can have real world consequences. Take, for example, an attempt by Russia-based hacking group DarkSide to extort money from Colonial Pipeline. By installing and executing ransomware on some of the company’s business-side computers, the hacking group managed to shut down the East Coast’s largest fuel pipeline.

While the computer systems that directly controlled the pipeline were not affected by the ransomware, Colonial shut them down as a precaution. The shut down will last as long as required to ensure the pipeline’s safe operation. This means permitting computer and cybersecurity experts the opportunity to analyze the networks.

By shutting down the pipeline, the hackers disrupted the flow of critical petroleum products across the East Coast. Colonial’s 5,500 mile pipeline, according to Politico, “provides nearly half the gasoline, diesel and jet fuel used on the East Coast.” Because of the shut down, fuel prices are on the rise, with AAA reporting that prices at the pump rose six cents per gallon and estimating that prices could reach their highest levels since 2014.

Bad actors use ransomware attacks to extort money from their targets. The bad actors gain access to networks, encrypt drives, and demand money in return for the keys necessary to decrypt the networks. Ransomware attacks paralyze the victims networks – the victims are unable to use the computers until the systems are restored. Frequently, this means paying the “ransom.” Until recently, bad actors had no interest in the data stored on the networks. This lack of interest, though, seems to be changing, as some experts are noting an increase in “double-extortion.” Double-extortion occurs when the bad actors steal the unencrypted data and threaten to release the information unless a second ransom is paid. And one of the groups noted in the report for engaging in this type of attack is none other than DarkSide.

The ransomware attack highlights several real world consequences for cyber attacks. Perhaps the most obvious is the ability to shut down aspects of critical infrastructure, such as utilities.

Four years ago, another Russian hacking group called Grizzly Steppe accessed a Vermont electrical utility company’s network. While the attack in 2017 did not shut down the electrical grid, it could have. Other attacks have targeted water treatment facilities and even a dam in upstate New York.

Cyber attacks have the ability to impact consumers and the American way of life. As evidenced with the Colonial attack, cyber attacks can cause interruptions to critical supplies, increasing costs for hundreds of millions of Americans. If bad actors cripple electric utilities, consumers could lose power to their houses or businesses.

Finally, cyber attacks could cost lives or severely injure people. Attacks on electricity supplies or grids could lead to the deaths of critical infrastructure workers. If the attacks happen during the winter, people could die from a lack of electricity. Attacks on water treatment facilities could result in a poisoned water supply, as was the case in Florida earlier this year.

Bad actors could be working as “lone wolves” or on behalf of foreign nations. In something of a unique step, DarkSide apologized for “creating problems for society” and stated that its “goal is to make money.” Though an attack may appear to originate from a lone wolf, neither governments nor the private sector should presume such attacks are not directed by, or benefiting, a foreign nation. At least one expert pointed out that the Russian government might be indirectly behind the Colonial attack.

It seems the lessons in the Grizzly Steppe incident were neither learned nor applied. Responding to cyber attacks requires resilience, planning, and preparation. With today’s ever-connected world, both the government and private sector should presume they are targets for bad actors. The bad actors could be seeking to exfiltrate data, extort money, or both.

As targets for bad actors, both the private sector and government should look at hardening networks, building redundancies, and planning for similar, future attacks. Hardening networks involves hardware and software solutions along with educating the workforce. A network is only as secure as the people who use it. If someone, for example, clicks on a link in a suspicious email or downloads a file attachment from an unknown source, both actions could lead to malware installation. Resilience means, among other things, constantly checking networks for intruders and malware along with keeping up with current trends. And redundancies means having back up plans in place, and executed, for the eventual reality of an attack.

The attack on Colonial Pipeline illustrates that cyber attacks can have real world consequences. Shutting down critical infrastructure impacts America’s national security, harms consumers, and can result in real lives lost. Both the private sector and government need to work together to harden networks, build resilience, and generally prepare for the next cyber attack.

In Depth: Homeland Security

Cybersecurity Governments, agencies, private sector companies, and others are all at risk for suffering some form of computer related attack. Hospitals have fallen prey to ransomware attacks. Foreign actors gained access to the Office of Personnel Management’s database. What standards should state and local governments employ regarding proper cybersecurity practices?…

+ Homeland Security In Depth