In this week’s Cyber Blurbs Roundup, we give you the rundown on what happened with the Colonial Pipeline shutdown, and what the White House is doing in response to the cyber attack.
Pipeline Hacked, Prompting Gas Shortages
Chances are your social media feeds last week offered a glimpse into the panic that ensued across the east coast in the United States. Reminding us of the toilet paper and hand sanitizer shortages of the early pandemic, 2021 brings us the gasoline crisis.
The Colonial Pipeline Co., responsible for supplying 45% of the southeast US’s fuel, was hit with a ransomware attack earlier this month. Hackers held the pipeline’s network hostage, bringing the critical supplier to a halt for several days. The pipeline — in spite of the FBI’s advice to hold firm — reportedly paid the attackers nearly $5 million in cryptocurrency to retrieve the system, according to Bloomberg. Colonial Pipeline stated that it expected the system to be fully operational this month.
While the attack had an impact on the supply of gasoline in the region, it was — as one might expect — panic buying that ultimately resulted in the severe shortages as consumers took to gas stations to drain every last drop from the pump. In short: There was a gas shortage because panicked individuals worried about a gas shortage created a gas shortage.
Many cars waited in endless lines as gas prices soared to more than $3 per gallon in some areas (*cries in California*) — a seven-year high. North Carolina suffered the worst of it, as the state saw 65% of its stations dry up. Virginia (44%) and Georgia (43%) were not far behind.
Panicked buyers stockpiled gas into designated canisters, bins, and even plastic bags — the last of which prompted a response from White House officials.
“I will say that this is a time to be sensible and to be safe, of course we understand the concern in areas where people are encountering temporary supply disruptions, but hoarding does not make things better,” US Secretary of Transportation Pete Buttigieg said.
“And under no circumstances should gasoline ever be put into anything but a vehicle directly or an approved container, and that of course remains true no matter what else is going on.”
Biden signs cybersecurity executive order
Not long after the Colonial Pipeline ransomware attack, US President Joe Biden signed an executive order to bolster the country’s ability to defend against cyber attacks.
“Recent cybersecurity incidents... are a sobering reminder that US public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals,” the White House said.
Per the order, federal agencies will be required to enable multi-factor authentication, as well as encrypt all data within six months. Government IT contractors will also be required to meet a higher standard of security, and will need to report to the federal government if systems have been compromised. Lastly, the White House plans to launch a “star rating” system that will allow stakeholders to determine the level of security associated with software sold to the government.
The order comes months after the US suffered a massive breach in the SolarWinds hack, an attack impacting numerous federal agencies.
“These incidents share commonalities, including insufficient cybersecurity defenses that leave public and private sector entities more vulnerable to incidents,” the White House said.
The order is also set to introduce a private-public sector board responsible for analyzing grand-scale cyber incidents. Dubbed the Cyber Safety Review board, the new body will be first tasked with analyzing the catastrophic SolarWinds attack.
This comes just a few months after former President Donald Trump signed a different executive order relating to cybersecurity, signed on his last full day in office. Trump’s order directed the Department of Commerce to develop rules that enhance the country’s protection against foreign cyber attacks directed at cloud service providers.