Since Colonial is privately owned, it is under less pressure than a public company to reveal details. However, as the manager of an important part of the country’s cyber infrastructure, the company needs to scrutinize the quality of its protection and its transparency about how it responded to the attack.
People familiar with the investigation said that although Colonial insisted the attack came to light on Friday, events appeared to have unfolded over several days. It hired the private cybersecurity company FireEye, which has responded to the Sony Pictures Entertainment hack, breaches of power facilities in the Middle East, and many incidents involving the federal government.
Shutting down pipeline operations to protect against wider, more malicious intrusion is a fairly common practice. In this case, however, the question remained as to whether the attackers themselves now had the opportunity to switch the pipelines on or off directly or to carry out operations that could cause an accident.
The ransomware attack is the second known incident targeting a pipeline operator. Last year, the Cybersecurity and Infrastructure Security Agency reported a ransomware attack on a pipeline operator’s natural gas compression facility. This resulted in the facility being closed for two days, although the agency never disclosed the company’s name.
Cybersecurity experts say the rise of automated attack tools and the payment of ransom in cryptocurrencies, which make it harder to track down criminals, have exacerbated such attacks.
“We have seen ransomware reach soft targets like hospitals and communities where losing access has real consequences and increases the likelihood that victims will pay,” said Ulf Lindqvist, a director at SRI International who specializes in threats to industrial systems. “We’re talking about the risk of injury or death, not just losing your email.”
Colonial Pipeline, based in Alpharetta, Georgia, is owned by several US and overseas corporations and investment firms, including Koch Industries and Royal Dutch Shell. The pipeline connects Houston and the ports of New York and New Jersey, and also supplies aviation fuel to major airports, including the airports in Atlanta and Washington, DC.