COMMENT – Colonial Pipeline hack: Implications for the future, lessons from the past


Representative image of laying work at a pipeline. Unsplash photograph

Forecasts tell you a lot about the forecaster, but they don’t tell you anything about the future or, in the case of commodities, the grammatically weird plural, futures. When they do come true, it is usually a mixture of deep intelligence meeting immense luck.

The film The Net, released in July 1995 and starring Sandra Bullock as a genius computer programmer who doesn’t step out of home, was way ahead of its time. It was about identity theft: erasing a person and giving her a criminal identity in all databases (the FBI, local police, passport offices), with the new identity having prison stretches, drug convictions, you name it.

Bullock, as Angela Bennett, is up against the world, and the few who can help are eliminated, though she doesn’t give up and reclaims her life. That twist hasn’t been a great look into the future, as systems have become more and more sophisticated and, conversely, hackers have learnt more about exploiting their vulnerabilities. As they say, the moment you go online, your privacy is gone—individual and, more importantly, corporate.

Last week a critical commodity—gasoline—for almost the entire US East Coast was hacked, with a double indemnity for the hackers. They shut Colonial Pipeline and threatened to sell its data online while also having access to the firm’s mainframe. And the bad news is that the entire US administration, with all its ethical hackers and Silicon Valley giants, has had to stand by as the operator of the critical pipeline paid the extortionists roughly 75 Bitcoin—or nearly $5 million—to recover the stolen data.

The payment, according to people briefed on the transaction, cleared the way for gas to begin flowing again but complicated President Joe Biden’s efforts to deter future attacks, The New York Times reported.

Colonial Pipeline made the ransom payment to the hacking group DarkSide after the cybercriminals last week held up the company’s business networks with ransomware, a form of malware that encrypts data until the victim pays, and threatened to release it online. DarkSide is believed to operate from Eastern Europe, possibly Russia, the report added.

Biden did not rule out the possibility that the administration would target the criminals with a retaliatory strike, saying that the United States would pursue “a measure to disrupt their ability to operate.”

Jen Psaki, the White House press secretary, said the administration was waiting for recommendations from the United States Cyber Command. On Thursday, eight websites associated with DarkSide were pulled offline. It was not immediately clear why. Cyber Command referred questions to the National Security Council, which declined to comment.

A real-time dilemma

The ransom issue underscores a dilemma for the U.S. president as his administration confronts an increasing number of cyberattacks against government and industry. The company’s decision to pay the ransom may help Biden stanch the political fallout from rising gas prices and long lines at the pumps, but it emboldens other criminal groups or rogue states to take American companies hostage by seizing control of their computers, the report said.

Biden declined to answer whether Colonial had paid its extortionists. Ms. Psaki said it remained the “position of the federal government” not to pay ransoms because the money can encourage criminals to conduct more attacks. She refused to criticize Colonial by name, saying it was “not constructive” to single out any particular company.

A company representative would neither confirm nor deny on Thursday that executives had paid a ransom. The payment was confirmed by people briefed on the matter, who declined to be identified because the information was confidential. It was earlier reported by Bloomberg on Thursday.

Gasoline supplies vary from state to state along the pipeline, in part because some places have more storage than others. Friday is traditionally the biggest day for gasoline sales.

“Most of these states/areas with outages have continued to see panicked buying, which is likely a contributing factor to the slow-ish recovery thus far,” said GasBuddy’s Patrick De Haan. “It will take a few weeks.”

Colonial Pipeline announced late Thursday it had restarted its entire pipeline system linking refineries on the Gulf Coast to markets along the eastern seaboard, Reuters reported.

On Friday evening, the pipeline was shipping at normal rates based on shipper nominations, a spokeswoman for Colonial said.

With more Americans taking road trips as pandemic restrictions ease, pump prices are at their highest in years. The average national gasoline price has climbed to almost $3.04, the most expensive since October 2014, the American Automobile Association said.

Trading in the ghettos

As politicians discussed legislation to improve cyber defences, more gasoline stations shut down in the capital city of the world’s largest oil-consuming nation.

On Friday gas station outages in Washington climbed to 88% from 79% the day before, tracking firm GasBuddy said. It is likely to take at least through the weekend for supply at all gasoline stations to return to normal functioning because it takes time for fuel to pass through the pipeline.

Panic buying contributed to the fuel shortages. At some stations, people were filling gasoline cans, forcing others to wait longer and causing shouting matches.

Wars and pandemics inform us that under their grip money loses its value and goods reclaim their lost pride. “No, it’s not,” Oskar Schindler tells a few rich Jews who insist that money is still money while investing in his enamelware factory in Steven Spielberg’s Schindler’s List.

“Look where you are, goods will be the only currency worth having and trading in the ghettos.” So how should large systems relying on computer code protect themselves? Commodity exchanges and futures can be hacked, insider information of stock exchanges would be attractive, hospital and government data can be embarrassing, insurance and banking systems would be a hacker’s dream, and so on and so forth.

The answer to the future could lie in the past. If your critical systems and information are advanced, then the guys from the future can see you, and if you function as if it is the past, there is no way for them to find you. Rather than becoming more tech-savvy and reliant on artificial intelligence and massive cold and inhuman servers, wouldn’t it be a better idea to de-escalate and use human intelligence—pass instructions manually, have a register at loading and unloading, let there be no pre-scheduled machine orders and let the last-minute intervention always be human? That is perhaps a dichotomy, and another challenge during the Covid pandemic, when computers should save us from manual intervention.

It’s just a thought as this is being written on a MacBook Pro with real time virus protection, Apple MacKeeper 24×7 remote support for any software issues, and has to be posted on The Net.

Angela Bennett would have said: Bullocks.

Deepan is a seasoned journalist with over 24 years of experience. Deadlines bring out the best in him and he has worked in various capacities with Business Today, Reuters, Hindustan Times, Mail Today, The Times of India, and Down To Earth. Given the time to research he loves the challenge of a new subject. His preferred writing mode is long-form and he loves to hunt for exclusives.

One thought on “COMMENT – Colonial Pipeline hack: Implications for the future, lessons from the past”

  1. A very well researched and written article. It brings out the perils of overdependence on cyber technologies without fully appreciating the threats inherent in it. Policy planners and public will have to one sit and think how much money, resources and safety we are willing to risk just for ease of doing business. As the time passes we will realise the price inherent in the trade-off may be a bit too steep for everyone’s liking.
