Because it is privately held, Colonial is under less pressure than a publicly traded company to reveal the details. But as the custodian of a major piece of the country’s cyberinfrastructure, the company is bound to be scrutinized about the quality of its security and its transparency about its response to this attack.
People familiar with the investigation said that although Colonial insisted that the attack came to light on Friday, the incident had unfolded over several days. The company has hired the private cybersecurity firm FireEye, which has responded to the hacking of Sony Pictures Entertainment, the breach of an energy facility in the Middle East and numerous incidents involving the federal government.
Shutting down pipeline operations to protect against a wider, more damaging intrusion is fairly standard practice. But in this case, the question remains whether the attackers now have the ability to directly turn the pipelines on or off, or to bring about operations that could cause an accident.
The ransomware attack is the second such incident aimed at a pipeline operator. Last year, the Cybersecurity and Infrastructure Security Agency reported a ransomware attack on a natural gas compression facility belonging to a pipeline operator. This led to the closure of the facility for two days, although the agency never disclosed the company’s name.
Cybersecurity experts say the increase in automated attack tools and in ransom payments made in cryptocurrencies, which make it harder to detect criminals, has intensified such attacks.
“We’re talking about the risk of injury or death, not just losing your email,” said Ulf Lindqvist, director of SRI International, of the threat to industrial systems.
Colonial Pipeline, based in Alpharetta, Ga., is owned by several American and foreign companies and investment firms, including Koch Industries and Royal Dutch Shell. The pipeline connects Houston and the ports of New York and New Jersey, and also provides jet fuel to major airports, including those in Atlanta and the Washington, DC, area.