#Incident_Report: The Colonial Pipeline Incident
What exactly happened?
Colonial Pipeline, the operator that delivers about 45% of the fuel consumed on the entire East Coast, released a statement on May 7th 2021 saying that it had become the victim of a ransomware attack. Because of the incident, the operator took some systems offline as a precautionary measure, which temporarily halted all pipeline operations. After being completely paralyzed for a day, the smaller lateral lines were able to resume operations from May 9th while the operator prepared a restart plan and investigated the matter further.
Furthermore, it was revealed that the hackers behind this incident had gotten into the operator's corporate networks and held the company's data hostage. As a precautionary measure, and to protect the vulnerable sections of the pipeline, the operator had to shut down operations.
However, operations have been back in full swing as of Wednesday, 12th May 2021, after the company reportedly paid about $5 million in ransom to the hackers in untraceable cryptocurrency. While the company hasn’t commented on the payment, it did release a statement on 12th May 2021, which said the following:
“Colonial Pipeline initiated the restart of pipeline operations today at approximately 5 p.m. ET. Following this restart, it will take several days for the product delivery supply chain to return to normal. Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the start-up period. Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal.”
Federal Investigation and Response of Authorities
The F.B.I., the Energy Department and the White House began their investigation into the matter as soon as the statement on the 7th was released. The FBI later found that the hacker group behind the incident, which also developed the ransomware, was DarkSide, a syndicate with Russian speakers whose systems were designed not to attack any system using a Russian keyboard.
On this evidence of Russian origin, United States President Joe Biden stated:
“I’m going to be meeting with President (Vladimir) Putin, and so far there is no evidence based on, from our intelligence people, that Russia is involved, although there is evidence that the actors, ransomware, is in Russia. They have some responsibility to deal with this,”
Other departments also responded. The U.S. Department of Transportation (USDOT) announced on 9th May that it was temporarily lifting restrictions on hours of service in certain affected areas, such as Alabama, Arkansas, District of Columbia, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey and New York. The order was issued so that people could work around the clock to resolve the issue and get operations back on track.
The United States Justice Department has also formed a ‘Ransomware task force’ to deal with situations exactly like this, and the Energy Department has created a 100-day initiative focused on protecting critical infrastructure from cyber threats and similar incidents.