A federal regulatory agency is facing new scrutiny today following the recent cyberattack that forced the shutdown of one of the nation’s most important pipelines.
Colonial Pipeline Shutdown After Ransomware Attack
The Colonial Pipeline went offline last Friday after its operator fell victim to a ransomware attack.
The 5,5000-mile network is a vital supplier of gasoline and other refined fuels to major cities along the East Coast. News of the hack led to emergency declarations and panic buying in some states, with residents lining up at gas stations in fear of a shortage.
Although the pipeline resumed operation around 5:00 p.m. yesterday, Alpharetta, Georgia-based Colonial Pipelines warned that it could take “several days” to return to normal.
Pipeline Security Branch Has Not Imposed Mandatory Cybersecurity Rules
The U.S. Transportation Security Administration’s Pipeline Security Branch oversees more than 3-million-miles of pipeline across the country, including the Colonial Pipeline network. According to Bloomberg News, the agency has not imposed any mandatory cybersecurity rules since being created in response to the September 11, 2001, terrorist attacks. Instead, it has relied on voluntary best practices and self-reporting by the industry to secure the operations.
“Simply encouraging pipelines to voluntarily adopt best practices is an inadequate response to the ever-increasing number and sophistication of malevolent cyber actors,” Richard Glick, chair of the Federal Energy Regulatory Commission, said in a statement to Bloomberg News. “Mandatory pipeline security standards are necessary to protect the infrastructure on which we all depend.”
Pipeline Cybersecurity Risks Known for Years
The Colonial Pipeline attack highlights the obvious risks of the agency’s hands-off approach.
According to CNN, the Biden administration has privately voiced frustration with the operator’s weak security measures and a lack of preparation that could have allowed the hackers to pull off their crippling attack. Because the investigation is ongoing, Colonial Pipelines has yet to tell the federal government exactly what vulnerabilities the hackers leveraged to access the system.
“In cybersecurity, one is only as strong as one’s weakest link,” Secretary of Homeland Security Alejandro Mayorkas said during a White House briefing on Tuesday. “And therefore, we are indeed focused on identifying those weak links.”
The fact that the nation’s pipelines are vulnerable to hackers really comes as no surprise. In 2018, the Government Accountability Office reported that it had found “significant weaknesses” in the Branch’s management of pipeline security. In 2019, a report by the Office of the Director of National Intelligence Daniel Coats warned that a cyberattack could disrupt a pipeline “for days to weeks.”
“It absolutely is a problem,” Rebecca Craven, program director for the Pipeline Safety Trust, told Bloomberg News. “These are lines running through communities handling hazardous materials, and the public needs to be aware of threats to them.”
Undefeated Pipeline Explosion Lawyer: Call 1-888-603-3636 or Click Here for a Free Consult.
Our Undefeated Pipeline Explosion Lawyers have won billions for thousands of people injured or tragically killed in connection with the worst accidents and explosions at plants, refineries, and pipelines in Texas, Louisiana, and across the United States.
Please call 1-888-603-3636 or Click Here to send us a confidential email through our “Contact Form.”
All consultations are free, and as we only represent clients for a contingency fee, you’ll owe nothing unless we win your case.