Show an ad over header. AMP

I am the FIRST

The Colonial Pipeline hack shows just how vulnerable the U.S. energy system is

The ransomware attack against the Colonial Pipeline — the massive East Coast gasoline artery — is a stunning real-world example of the increasing risks that the energy sector faces from a cyberattack.

Why it matters: Different parts of the vast American energy system are vulnerable — from pipelines to power grids to individual power plants and plenty in between.


  • While federal and state agencies, as well as companies, have spent years hardening their systems, the shutdown of the country's largest refined products pipeline, which carries over 100 million gallons per day, shows you can never be too prepared.

Between the lines: Ransomware has a distinct, perhaps less-pernicious goal: to lock users out of a system until they pay to have access restored.

  • Most ransomware victims are put in impossible positions, incurring financial losses while wrestling with the decision of whether to pay the ransom.
  • But as Axios' Felix Salmon noted, the Colonial Pipeline is not your everyday ransomware victim, given its status as critical infrastructure. Instead, the full resources of the U.S. government have been mobilized in the wake of this attack.
  • All the disruption and attention even elicited an apology, of sorts, from DarkSide, the relatively new group the FBI said allegedly perpetrated the hack.
  • “Our goal is to make money and not creating problems for society," the group said in a statement on the dark web.

The big picture: Axios' chief tech correspondent Ina Fried notes the attack highlights a growing dilemma facing cities, utilities and companies: The more that their processes go digital, the more vulnerable they are to financially motivated attacks.

  • Moody's Investors Service, in a note, said pipeline operators have increasingly adopted digital tech to improve their operations.
  • The problem? That also means operators of oil, natural gas and other pipelines are "offering new vectors for cyberattackers."

Threat level: Moody's says the pipeline sector is the oil-and-gas industry's most vulnerable segment.

  • "A cyberattack that disrupts one or more long-haul pipelines would have global supply implications, regardless of the location of the attack," it notes.
  • On the bright side, Moody's says the oil-and-gas sectors' cybersecurity investments have been growing.

Yes, but: Cybersecurity concerns also extend to other elements of the energy system, such as the electrical grid.

  • The expensive and deadly power outages in Texas in February, caused by extreme cold, illustrated what can happen when the power goes out for an extended period.

Of note: The Colonial hack comes about five months after the disclosure of the far-reaching Russian SolarWinds hacking of a vast trove of corporate and government systems.

  • This breach may have compromised parts of the American energy infrastructure.

Driving the news: There are reports that some gasoline stations have run out of fuel.

  • Per GasBuddy analyst Patrick De Haan's Twitter feed, the most widespread outages as of this morning were in Virginia at around 7.6%, and he notes the state-by-state estimates may be low.
  • Via Bloomberg, "From Virginia to Florida and Alabama, fuel stations are reporting that they’ve sold out of gasoline as supplies in the region dwindle and panic buying sets in."
  • AAA reports that the outage has pushed nationwide average gasoline prices to $2.99-per-gallon, the highest since late 2014 (a standing reminder that prices vary by region).

What's next: Colonial Pipeline said Monday that segments are being brought back online in a "stepwise fashion," with the goal of "substantially restoring operational service by the end of the week."

What they're saying: "We are monitoring supply shortages in parts of the Southeast and are evaluating every action the Administration can take to mitigate the impact as much as possible," White House Press Secretary Jen Psaki said in a statement.

What we're watching: Multiple lawmakers have called for the passage of cybersecurity bills in the wake of the attack.

  • "That infrastructure package should have a giant allocation for improving cybersecurity across the United States," energy analyst Amy Myers Jaffe said on the latest Axios Pro Rata podcast.

Go deeper: What to know about the Colonial Pipeline cyberattack

4 ffp

Why the startup world needs to ditch "unicorns" for "dragons"

When Aileen Lee originally coined the term "unicorn" in late 2013, she was describing the 39 "U.S.-based software companies started since 2003 and valued at over $1 billion by public or private market investors."

Flashback: It got redefined in early 2015 by yours truly and Erin Griffith, in a cover story for Fortune, as any privately-held startup valued at $1 billion or more. At the time, we counted 80 of them.

Keep reading... Show less

Scoop: Facebook's new moves to lower News Feed's political volume

Facebook plans to announce that it will de-emphasize political posts and current events content in the News Feed based on negative user feedback, Axios has learned. It also plans to expand tests to limit the amount of political content that people see in their News Feeds to more countries outside of the U.S.

Why it matters: The changes could reduce traffic to some news publishers, particularly companies that post a lot of political content.

Keep reading... Show less

Scoop: Amazon quietly getting into live audio business

Amazon is investing heavily in a new live audio feature that's similar to other live audio offerings like Clubhouse, Twitter Spaces and Spotify's new live audio platform, sources tell Axios.

Why it matters: As with Amazon's efforts in podcasting and music subscriptions, the company sees live audio as a way to bolster the types of content it can offer through its voice assistant, Alexa, and its smart speaker products.

Keep reading... Show less

Hurricane Ida exposes America's precarious energy infrastructure

The powerful hurricane that plunged New Orleans into darkness for what could be weeks is the latest sign that U.S. power systems are not ready for a warmer, more volatile world.

The big picture: “Our current infrastructure is not adequate when it comes to these kinds of weather extremes,” Joshua Rhodes, a University of Texas energy expert, tells Axios.

Keep reading... Show less

"We must go further": 70% of adults in European Union are fully vaccinated

About 70% of adults in the European Union are fully vaccinated against COVID-19, Ursula von der Leyen, the president of the European Commission, said Tuesday.

Why it matters: The milestone makes the E.U. one of the world's leaders in inoculations, after an initially lagging vaccine campaign, the New York Times notes.

Keep reading... Show less

What Elizabeth Holmes jurors will be asked ahead of fraud trial

Jury selection begins today in USA v. Elizabeth Holmes, with the actual jury trial to get underway on Sept. 8.

Why it matters: Theranos was the biggest fraud in Silicon Valley history, putting both hundreds of millions of dollars and thousands of patients' health at risk.

Keep reading... Show less

Insights

mail-copy

Get Goodhumans in your inbox

Most Read

More Stories