Image: OrbitalJoe/Flickr

by Amy Lupica, ODP Staff Writer

Colonial Pipeline Co., known as the “jugular” of America’s oil pipeline infrastructure, has become the latest victim of increasing cyberattacks. On Friday, the company’s systems were shut down by a ransomware attack, bringing the pipeline to a standstill for four days. Although the disruption has yet to impact oil prices, experts worry that growing ransomware attacks may impact America’s energy market, as well as the Biden administration’s shift to green energy.

Why This Matters: Colonial operates one of the largest pipelines in America, transporting oil from the Gulf Coast to 50 million people in the Southern and Eastern U.S. This disruption could not only stall energy supplies but also ripple out, impacting industries that rely on this pipeline. America’s power grids aren’t equipped to deal with sudden and significant fuel shortages:

• On February, 14 million Texans were left without power after snowfall hit much of the state. This outage was caused primarily by freezing natural gas pipes and isolation from larger intrastate power grids.
• A recent study found that a blackout during a heatwave could put millions at risk of heatstroke and death in several American cities.

As the U.S. works towards net-zero emissions, experts worry that new energy infrastructure may fall victim to similar attacks, thwarting what is already a precarious but urgent transition.

Hacking the Planet

A hacking group called DarkSide is suspected of the attack on Colonial.

• The group, which prides itself on its “professional” approach to cybercrime, installed ransomware on Colonial’s systems, encrypting their data and locking them out. DarkSide then requested a certain sum of money in exchange for a decryption key to get Colonial back online.
• In the past, DarkSide has threatened to release confidential information if a ransom is not paid, but Colonial has decided it will attempt a complete system restart.
• If the restart is successful, timing will play a key role in preventing economic consequences.

If the disruption lasts less than five days, experts say no “significant or lasting impacts” will occur. If it lasts more than six days, refiners may need to slow production as inventories rise, causing prices to fall; there may also be significant fuel shortages in portions of the Southeastern U.S. Analysts say the future is uncertain. “It’s hard to know if Colonial or the authorities in this issue even have a feeling for when this could be resolved themselves,” said Patrick De Haan, the head of petroleum analysis at GasBuddy. “I think you’re seeing the market respond very cautiously, not knowing if this could extend into five, seven, 10, 14 days.”

Future Wars

President Biden’s $2 Trillion infrastructure plan is long and thorough, but surprisingly, it doesn’t say much in the way of cybersecurity. The federal government is now weighing an executive order to create new digital safety standards for federal agencies. Still, it acknowledges that it won’t be very effective at stopping experienced hackers like DarkSide. 

In the green energy sector, both new renewables and pivoting giants are leaving cybersecurity as an afterthought, but experts say security must be a priority for any significant infrastructure plan, especially one as necessary as this.

“Designing and building security into any complex infrastructure with digital components, in the beginning, is far more effective than trying to ‘bolt’ it on after the fact,” said Grant Schneider, the former National Security Council senior director for cyber policy. “Getting security right from the start is even more important with infrastructure systems that will be in place for years and possibly decades to come.”