A Russian criminal gang was behind the ransomware attack that shut down a pipeline carrying half the U.S. East Coast’s fuel supply, media sources reported on Monday, May 10, 2021 (see NBC News story here).
The pipeline remains shut down, and it’s unknown when it’ll come back online.
The gang claims to be apolitical and only in it for money. But as NBC News noted, “Many Russian cybergangs work as independent operations, though they are sometimes recruited to work for Russian intelligence — and they generally avoid attacking targets in Russia.”
That’s logical. Criminals based in Russia don’t want Russian authorities hunting them. They don’t want to turn off their own lights, either.
So maybe the U.S. government should motivate the Russian government to arrest them and hand them over for prosecution in the U.S.? What would Putin do if American hackers shut down a Siberian natural gas pipeline?
The larger issue here is what hackers working on behalf of Russia, China, or North Korea could and would do in a conflict. In “2034: A Novel of the Next World War” (here), which, like similar books before it, tries to imagine another great-power war in order to influence today’s policymakers (mostly in terms of upping defense spending), China gets the upper hand by launching cyberattacks that blind U.S. satellites, disable its military forces, and strike America’s homeland.
And even when cyberattacks aren’t used to win wars, they can be, and are, used by rogue regimes like North Korea to raise money for their own purposes.
There’s no silver bullet to preclude these vulnerabilities. The U.S. must spend what’s necessary to neutralize foreign bad actors armed with keyboards, computers, and malware. Criminal gangs and foreign adversaries pour resources into acquiring these capabilities, and we must put resources into defeating them.
As The Hill said here, “Threats to critical infrastructure have built steadily in recent years, and over the past year during the COVID-19 pandemic have spiked, particularly as more work is done remotely and online. Both nation states and cyber criminals have increasingly turned to ransomware as the weapon of choice to pressure organizations, including hospitals and schools, to pay large sums to decrypt their networks. Utilities have been another key target … experts say the U.S. remains worryingly vulnerable.”
Now imagine if, instead of wanting money, they want to destroy our society.
The question should be exactly why is this critical infrastructure on the internet. It should not be, but American business likes it cheap. Rather than having to pay for a secure and independent network that is not connected to the internet, this company probably has placed their entire command and control on the net. They likely have a centralized control rather than pay live human beings to monitor and operate their system.
This company should have a stand-alone system and pay for the telecommunication network, which could be just ordinary land lines. Go ahead and blame Russia for a company’s poor management decisions. Sure, there can be software issues, but that depends on how sophisticated the system needs to be. Maybe instead of a computer you need Dave the Dude who can turn the pump on and off or use the knob to turn off or turn on the flow of oil, and can talk on the phone with Bob at the other end of the pipe. Nope, we can have Sam do it all from our central control unit.
The internet of things though is gonna be cool. Yeah. I don’t need a toaster or my lights on the bloody internet. [This comment has been lightly edited to fix typos.]
These IT systems definitely aren’t cheap, although they’re cheaper than legions of workers manually turning valves. And much less prone to human error.
During the Keystone XL pipeline debates, proponents asserted the pipeline would create thousands of permanent jobs. Company permit filings, though, stated it would require only about two dozen people to operate the pipeline.
Pipelines are largely automated. As for why critical systems, like pipeline controls, are connected to the internet — I’m not sure they are. If you can hack the internet, you can hack internal IT systems, too. The internet is merely easier to enter.
There’s a popular belief that, in contrast to digital systems, analog systems are unhackable, and that’s why our ICBM launch systems still use 1970s technology. Neither of these assumptions is quite true, but it’s true that — for complex reasons — the switchover to digital systems has often left industrial controls more vulnerable.
For more information, this 2020 article discusses nuclear deterrent IT modernization, and this 2014 article argues that industrial controls should have analog backup systems.