Federal Agencies Say ‘No Evidence’ Hackers Affected Colonial’s Operational Technology 

Several fuel pumps were out of premium gasoline in addition to limiting the fill up of portable containers at this Costco Warehouse fuel station May 11 in Ridgeland, Miss.

Several fuel pumps were out of premium gasoline in addition to limiting the fill up of portable containers at this Costco Warehouse fuel station May 11 in Ridgeland, Miss. Rogelio V. Solis/AP

A leading GOP lawmaker is pressuring CISA to release data on the agency’s pipeline cybersecurity initiative. 

There’s no reason to believe the group that attacked the Colonial Pipeline Company with ransomware gained access to its sensitive industrial control systems, federal agencies said in a joint advisory.

“In response to the cyberattack, the company has reported that they proactively disconnected certain [operational technology] systems to ensure the systems’ safety. At this time, there are no indications that the threat actor moved laterally to OT systems,” the advisory FBI and the Cybersecurity and Infrastructure Security Agency issued Tuesday.

The attack on the pipeline, which the company revealed in a Friday press release, is drawing attention to the physical consequences of cybersecurity. With the company’s pipelines typically supplying almost half of the fuel to the East Coast, multiple states declared states of emergency as people waited in long lines to fill up their tanks. Energy Secretary Jennifer Granholm warned against price gouging and panic buying while administration officials have waived environmental regulations allowing the alternate transport of fuel on the interstate highway system. The Department of Homeland Security is also ready to consider waivers of the Jones Act, which requires maritime vessels transporting goods between U.S. ports to be built by U.S. citizens or permanent residents, White House Press Secretary Jen Psaki said Wednesday. 

“We are deeply concerned about the security of our nation’s critical infrastructure and the industrial control systems (ICS) that underpin many national critical functions,” members of the House Homeland Security and Transportation Committees said in a letter to National Security Advisor Jake Sullivan Tuesday. “As we have repeatedly stressed, cybersecurity is no longer just an ‘IT issue’ but instead an economic and national security challenge that can have real-world impacts to our security. It is imperative that the federal response is rapid, clear, and consistent.”

Granholm has said the company should be back to full force by the end of the week. Citing unnamed sources, the Washington Post reported Wednesday that Colonial doesn’t plan on paying a ransom for the hackers to decrypt their files and is working with cybersecurity firm Mandiant to restore backups or rebuild systems as necessary.

The importance of segmentation between information technology, or IT, systems and operational technology, or OT, systems has been central to advisories from federal agencies on securing industrial control systems like those involved in the pipeline and other critical infrastructure where there are devices such as valves and pressure gauges to control physical processes.

The National Security Agency, for example, recently cautioned the defense sector against connecting IT and OT systems, despite the convenience that could provide. 

CISA and the FBI said the group that has acknowledged responsibility for the attack—which goes by the name DarkSide—has been “targeting multiple large, high-revenue organizations” with ransomware since August 2020. And pipeline infrastructure was known to be the target of ransomware actors well before that. A February 2020 CISA alert on the issue contains many of the same mitigation measures listed in Tuesday’s advisory—implement multifactor authentication and enable extra strong spam filters to avoid successful phishing attempts, for example—but there were a few new ones.

The agencies said the hackers are using The Onion Router—software used to access the dark web—to establish and maintain command and control functionality in victim’s networks.

“Monitor and/or block inbound connections from Tor exit nodes and other anonymization services to IP addresses and ports for which external connections are not expected (i.e., other than VPN gateways, mail ports, web ports),” the advisory reads. “For more guidance, refer to Joint Cybersecurity Advisory AA20-183A: Defending Against Malicious Cyber Activity Originating from Tor.”

Oversight of pipeline cybersecurity has been the subject of a jurisdictional turf war between the House Homeland Security and Transportation and Infrastructure committees and the Energy and Commerce committee. Responsibilities currently fall to the Transportation Security Administration, which the Government Accountability Office said was not dedicating appropriate resources to the job.

"In our company's extensive experience in assessing oil & gas pipelines for several of the country’s largest pipeline operators, we have found that pipeline cybersecurity is far behind that of other energy sectors (upstream and downstream O&G and electric utilities),” John Cusimano, vice president of industrial cybersecurity at aeCyberSolutions, told Nextgov.

On Tuesday, Rep. John Katko, R-NY, ranking member of the Homeland Security Committee sent a letter to CISA Acting Director Brandon Wales saying TSA’s partnership with the agency on a 2018 initiative is promising but asked for numbers on the program, which relies on voluntary participation from industry.

“It is the Committee’s understanding that the core of this initiative revolves around conducting Validated Architecture and Design Review (VADR) assessments on pipeline assets,” Katko wrote. “Now, in the wake of the Colonial Pipeline ransomware incident, ensuring the success, growth, and effectiveness of the Pipeline Cybersecurity Initiative is more important than ever before. The Committee requests a briefing on the status of the initiative, no later than June 1, 2021.”  

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.