June 13, 2021

Volume XI, Number 164


June 11, 2021


Crippling Ransomware Attack on Pipeline Exposes Vulnerabilities in U.S. Critical Infrastructure

Colonial Pipeline, a company that transports more than 100 million gallons of gasoline and other fuel daily across 14 states from Houston to New York Harbor, shut down the pipeline last Friday after discovering ransomware on its computer systems.  The FBI has blamed the attack on a ransomware group called DarkSide.

The hack reportedly began last Thursday when hackers stole about 100 gigabytes of data as part of a double extortion scheme. After stealing the data, the hackers locked Colonial’s computers. DarkSide threatened to publish the stolen data online and to keep the computers locked unless Colonial paid an unknown ransom amount.

Colonial Pipeline notified the FBI of the attack on Friday morning and is cooperating with the investigation. The FBI also brought into the investigation the Cybersecurity and Infrastructure Security Agency (CISA) and other government agencies that regulate energy and infrastructure.  The FBI and other government agencies are still awaiting access to the company’s security protocols to determine how hackers pulled off the crippling ransomware attack.

U.S. critical infrastructure has been the target of an increasing number of cyberattacks. Earlier this year, an unknown hacker breached the access controls at the Oldsmar, Florida, water treatment plant, in an attempt to poison the city’s water supply with lye. In 2020, an unnamed natural gas compressor facility was shut down for two days due to a cyberattack.  Several natural gas pipeline operators had service interruptions in 2018, when a technology vendor that facilitated electronic communications between the operators was hacked.

Many members of Congress and the Biden Administration agree that making cybersecurity improvements is essential for the nation’s critical infrastructure, including our electric grid, local energy and utility companies, water treatment plants, and wastewater facilities. All of these operators face significant challenges in making such improvements, including securing sufficient funding, staffing and training. In addition, even though the federal government adopted cybersecurity requirements for certain infrastructure operators, funding shortages can result in very little oversight and inspection to make sure operators are complying with the requirements. Some states, like Connecticut, have adopted requirements for certain infrastructure and have provided funding to make sure operators in the state are complying.

In addition, it is recognized that our cybersecurity standards need updating.  The Biden Administration has proposed significant funding for the National Institute of Standards and Technology (NIST) to work with industry, science, and government to evaluate and improve the standards for our critical infrastructure.

 

Copyright © 2021 Robinson & Cole LLP. All rights reserved. National Law Review, Volume XI, Number 133

About this Author

Kathleen M. Porter, Partner

Intellectual Property Transactions; Private Equity; Intellectual Property Counseling and Protection; Trade and Antitrust

Kathleen Porter is an intellectual property and technology lawyer in the firm's Business Transactions Group and former chair of the firm’s Intellectual Property + Technology Group. Her practice straddles the areas of intellectual property, business transactions, trade regulation, and Internet law and includes import/export control issues, such as compliance and enforcement, competition, privacy, and data security.

Her clients include precision manufacturing, life science, energy, consumer products, software, Internet and e-commerce, and other technology-driven businesses.

...

617-557-5989