Colonial Pipeline ransomware attack highlights US vulnerability: Experts

Many American companies have not kept pace with the security threat, they say.

May 13, 2021, 3:08 PM

Millions of Americans on Thursday were still feeling the effects of the ransomware attack that led to the shutdown of one of the biggest gas pipelines on the East Coast.

While Colonial Pipeline said operations were starting to return to normal, at gas stations that haven't run out of fuel in North Carolina and other southeastern states, drivers continued to wait in lines to fill up. And for the first time in seven years, the national gas price average reached $3 a gallon.

The Colonial Pipeline ransomware incident highlights the huge fallout cyberattacks can have on the country's critical infrastructure and raises new questions about why the U.S. is so vulnerable to such crippling strikes.

Experts say ransomware attacks, in particular, have been on the rise because of how easily they can be deployed, and they are carried out by actors ranging from enemy nations to criminal gangs.

"Cybersecurity is a problem because the cyber vulnerabilities can be exploited by very small groups with small amounts of funding, it is the ultimate asymmetric threat," Tom Bossert, homeland security adviser under President Donald Trump, told ABC News.

The FBI said Monday that ransomware from DarkSide, a criminal organization that operates in Eastern Europe, was responsible for the Colonial Pipeline network attack.

While federal officials were still trying to determine whether a foreign nation could be involved, Russian intelligence has been known to cooperate with Eastern European cybercriminals in the past.

Prevention, Bossert said, involves remembering human beings are behind the attacks.

"We need better technical solutions on that as a group or part of a group of people trying to develop innovative solutions for better technology to prevent attacks, but there's got to be a government role in stopping the human beings that are doing the attacking," Bossert explained.

Former Assistant Secretary for Homeland Security Elizabeth Neumann, an ABC News contributor, said companies and governments need to keep pace with the growing security threat.

"There's a lot more we can be doing with our critical infrastructure," Neumann said. "More of these systems are being digitized. Things that used to be manually operated are now being operated by computers and that of course creates vulnerability. The infrastructure in of itself is very expensive. A lot of it is decades old … because they are so underfunded, they tend to not update their IT very often."

Neumann said the impact of future cyberattacks could be much more severe, particularly if a foreign adversary is involved.

PHOTO: The Colonial Pipeline Houston Station facility stands in Pasadena, Texas, on May 10, 2021.
Francois Picard/AFP via Getty Images

Another expert told ABC News that such a large-scale ransomware attack was only a matter of time, given the uptick in such attacks and the lack of cybersecurity coordination between private companies and the government, a key point in the executive order President Joe Biden signed Wednesday evening.

"It was inevitable that we would reach a point where one of these attacks would have significant economic damage," Dmitri Alperovitch, the executive chairman at Silverado Policy Accelerator and a former CTO of CrowdStrike, said.

Hackers can successfully infiltrate a system's computer network and deploy malicious software to effectively seize control, holding hostage files or data until a ransom is paid.

"Many of these ransom operations are more about extortion than ransomware where they will steal data -- typically emails -- and threaten their release and try to embarrass companies and hopefully find -- from their perspective -- find something that these companies will really want to keep quiet, whether it's intellectual property or information on customers," Alperovitch said, "and that would increase the likelihood of actually getting ransom."

PHOTO: A Colonial Pipeline Co. storage tank stands at a facility in the Port of Baltimore in Baltimore, May 11, 2021.
Bloomberg via Getty Images

The boom in ransomware, he said, coincides with the boom in cryptocurrency.

"We have seen a huge explosion in ransomware cases in the last 10 years and really coincides with the development of cryptocurrency," he explained. "Before we had cryptocurrency there was really no way that these criminal groups could get ransoms in a pseudo-anonymous way that wouldn't be tracked back to them. Bitcoin and other cryptocurrencies have given them that opportunity."

Jim Langevin, a Rhode Island Democrat and founding member of the U.S. Cyberspace Solarium Commission, told ABC News that proper funding is needed in order to further secure the nation from cyberattacks.

"We need to strengthen the system by properly funding system to develop their own inherent capabilities and expertise if a situation like this arises again," he explained.

Langevin called the ransomware attack on Colonial Pipeline one of the worst he's seen.

"It is absolutely a road map for enemies and adversaries to potentially carry out a devastating blow against our critical infrastructure and really damage not only our economy, but lead to injury or potentially loss of life," he explained. "We are not prepared. We're not ready. We need to do more. We need to step up our game."

PHOTO: Signage delivers warnings at Colonial Pipeline Baltimore Delivery in Baltimore, May 10, 2021.
Jim Watson/AFP via Getty Images

He said public and private partnerships are needed.

"This is not a problem with respect to cybersecurity that government could solve on its own or that the private sector can solve on its own," he said. "It's going to be more of a collaboration and a partnership, sharing intelligence, sharing relevant threat information. That's what's going to get us to stronger cybersecurity."

Bossert agreed.

"We need far better technical controls. We need a much better integration operationally between security vendors, companies and the United States government, and we're going to need to be careful," he said. "We need to start acting collectively together to achieve a result, otherwise we're all going to stand alone and fail all by ourselves. This is a collective problem, there are better technical solutions out there."

Biden's executive order mandates that companies that work directly with the federal government must immediately disclose a cyber breach to the federal government.

The Cybersecurity and Infrastructure Security Agency, an arm of the Department of Homeland Security, is responsible for protecting the nation's cyber infrastructure.

Acting CISA Director Brandon Wales laid out the agency's shortfalls before Congress this week, saying they boil down to funding and not keeping pace with fast-evolving technology.

"We're in a bit of a technology and cybersecurity deficit that we have not invested to the degree necessary over time," he told lawmakers. "The challenge in cyber is that the threats and the technology are advancing substantially. The technology that we deployed 15 years ago, needs substantial modernization to ensure that it keeps pace with the threats that we're now facing."