The Colonial Pipeline Hack: It’s Real, It Will Happen Again, and We Must Be Prepared

Hackers recently attacked computer systems belonging to the Colonial Pipeline company, forcing it to shut down operations and inhibiting delivery of diesel fuel, gasoline, and jet fuel throughout the East Coast of the United States. This pipeline is not just critical to consumers (it is 5,500 miles long and moves 2.5 million barrels a day from Houston to North Carolina and 900,000 barrels to New York); it is also a primary supplier of fuel to the U.S. military. The company has responded quickly but cautiously and expects to resume normal operation very soon. In the meantime, a declaration of emergency from the White House allows extended operation of other means of petroleum transport.

Despite these measures, it is entirely possible we will see a short-term hike in gas prices or even some localized shortages at the pump. More importantly, we must be prepared for an encore. If the hackers make money, they will surely want to repeat their success. If they do not, they will surely learn from this incident, and try again until they get what they want. Whether the hackers were looking for a payout or not, this will serve as a template for future attacks.

None of this is surprising to the security community. Ransomware attacks have plagued us for years, and a recent attack on a water treatment plant failed only because the attacker was inept and an employee happened to notice strange behavior in the system. Security professionals have warned about such attacks for years, and the White House recently released a plan aimed at improving the security of infrastructure.

Preventative measures are helpful, but we cannot count on winning the perpetual cat-and-mouse game. We must recognize that another intrusion is inevitable and focus on efficient response and recovery. Duplicate systems and automated failover mechanisms may seem expensive but are a small price to pay compared to an extended service disruption. Emergency response exercises and – pardon the pun – a well-oiled response process are no longer bureaucratic niceties: they are essential to our economy and national security.