Russian Pipelines, Da, American Pipelines, Nyet

Let me get this straight. Recently, Russian hackers shut down North America's largest pipeline for days, massively disrupting the supply chain on the eastern seaboard and leading to shortages and price spikes. Eventually Colonial, Inc, the line's owner, paid a $5 million ransom to get it up and running again, a decision about which the Biden administration officially had no opinion. Of course, anyone with half a brain knows that's a lie, that they must have been working both sides, pushing Colonial towards a course of action (presumably the one they took) on the one hand, and engaging their Russian counterparts about it on the other.

Well, the cyberterrorists got what they asked for, and now the Putin regime have gotten their dearest wish as well: the Biden Administration will allow construction of the Nord 2 pipeline project which will enable Russia to satisfy Germany's appetite for oil and gas (which has become more voracious since Germany embarked on its foolhardy Energiewende policy) without passing through Ukraine, a country where anti-Russian sentiment is rife. Moreover, Biden is waiving existing sanctions on the company building the pipeline and its president, Putin ally and former Stasi officer Matthias Warnig, to get the project done.

This is surprising, as Team Biden have been very open about their opposition to Nord Stream 2, fearing it would shift the balance of power in the region by getting Germany addicted to cheap Russian energy, boosting Russia's economy, and further subordinating the smaller countries in the region to the larger. Just this February, Jen Psaki was uncompromising when she articulated the administration's view on the matter:

Our position on Nord Stream 2 has been very clear, and it remains unchanged. President Biden has made clear that Nord Stream 2 is a bad deal. It’s a bad deal because it divides Europe, it exposes Ukraine and Central Europe to... Russian manipulation, and because it goes against Europe’s own stated energy and security goals.

And then suddenly Bidenettes backed down. Something strange is going on here. Foreign policy analyst Rebeccah Heinrichs tweeted sarcastically, "How absolutely wild is it that Russians attacked a US pipeline while gas prices were already high and like two days after the US company pays the relatively small ransom Biden lifts sanctions on Nord Stream 2." It's definitely suspicious.

Then again, the two events might be unrelated. What is indisputable, however, is that this move looks ridiculous in light of Biden's anti-pipeline domestic policy. As Dan Foster put it, "Killing energy jobs in Oklahoma and creating them in St. Petersburg is so comically inept and villainous you could never even try it without the entire press in your back pocket."

It isn't hyperbole to say Donald Trump (alleged Putin patsy, who was actually tougher on Russia than any president since the fall of the Berlin Wall) would have been impeached for this. After all, he was impeached for less.

The Colonial Pipeline Experiment

Here's some good news -- after several days offline, due to a ransomware attack by Russian hackers, Colonial Pipeline is back up and running as of Wednesday evening. And sooner than expected -- the initial estimates suggested that it might not be able to be restarted until this weekend. This has led to some questions about whether Colonial (perhaps with some encouragement from the Feds) simply paid the hackers' ransom demand. CNN says no, they just beat the hackers with an assist from the FBI, but Bloomberg is reporting that that's exactly what they did:

Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers on Friday... The company paid the hefty ransom in untraceable cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the Eastern Seaboard, those people said. A third person familiar with the situation said U.S. government officials are aware that Colonial made the payment.

Either way, this is an embarrassment for the Biden Administration, but allowing (maybe encouraging) an American company to pay a ransom to Russian cyber terrorists would be hard to come back from. Still, Joe must not have liked the prospect of gas lines -- that totem of Carter-era malaise and harbinger of the Reagan revolution -- lasting more than a few days.

Even so, this crisis won't be ending immediately. Colonial has said, "it will take several days for the product delivery supply chain to return to normal," meaning that soaring prices, panic buying, and even rationing are probably going to be with us in the affected states for at least a week.

On the bright side, this is about as close as we can get to a controlled experiment. It would be wildly irresponsible to shut down a pipeline just to spite our obnoxious anti-pipeline protestors and the limousine liberals who fund them. But to see those same liberals sitting in their limousines (or SUVs more likely) in northern Virginia waiting their turn to fill their tanks (and maybe a few plastic bags) with gas? Priceless. Here's hoping the Canadians are watching how this is playing out.

Perhaps the headache will even cause Biden to rethink a few of his own green commitments. As Kyle Smith reminds us,

If Biden himself were not on record as being himself a fan of shutting down fuel pipelines — Keystone XL not only was a menace to our American way of life by bringing us energy, Biden thought it had to be cut off before his first afternoon nap — this brewing crisis wouldn’t be so potentially damaging to him. Biden is an ardently pro-fuel-limits guy in a moment when fuel is limited. As one of his other first acts in office — “Let’s own Trump by endangering our energy future” — he also banned new fracking leases on federal land. Maybe it would be nice to have more energy supply rather than less given what’s happened since?

Don't hold your breath.

Colonial Pipeline Hack May Be Just the Beginning

This week, hackers believed to be the DarkSide ransom gang operating out of Eastern Europe, possibly Russia, targeted Colonial Pipeline, infecting its information-technology systems though not its operational control systems. It seems to me the hack is a national security issue, as the pipeline runs some 5,500 miles from the Gulf State refineries in Houston to customers in the southern and eastern part of the country all the way to New Jersey. It supplies 45 percent of the fuel in this swath and serves 50 million Americans and several major airports.

The White House apparently takes a different view, announcing it’s a “private sector decision” as to whether Colonial should pay a ransom to get its pipeline back on line. Anne Neuberger is deputy national security adviser for cyber and emerging technology:

Ms. Neuberger declined to comment on whether Colonial has paid a ransom, and the company hasn’t said so publicly either. She also said the administration hadn’t made a recommendation to Colonial on whether it should pay.

Normally the FBI encourages victims to not pay the ransoms to avoid fueling a booming criminal industry, but Ms. Neuberger said the administration recognized that is often not a feasible option for some companies, especially those that don’t have backup files or other means of recovering data.

Of course, paying the ransom will only make DarkSide’s tools more valuable to both them and to those they sell the programs to, meaning we’ll see more of this and with ever-increasing deleterious economic and energy consequences.

The shape of things to come?

It’s not as if we are in the dark about the need to safeguard cyberspace in critical infrastructure. We have in the Department of Homeland Security a National Cybersecurity and Communications Integration Center (NCCIC), with this mission:

DHS coordinates with sector specific agencies, other federal agencies, and private sector partners to share information on and analysis of cyber threats and vulnerabilities and to understand more fully the interdependency of infrastructure systems nationwide. This collective approach to prevent, protect against, mitigate, respond to, investigate, and recover from cyber incidents prioritizes understanding and meeting the needs of our partners, and is consistent with the growing recognition among corporate leaders that cyber and physical security are interdependent and must be core aspects of their risk management strategies.

In an email communication to me, Eric Goldstein, executive assistant director for cybersecurity of the Cybersecurity and Infrastructure Security Agency, states they are on the case of the Colonial Pipeline hack. “We are engaged with the company and our interagency partners regarding the situation,” he said. “This underscores the threat that ransomware poses to organizations regardless of size or sector. We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”

Colonial is in the meantime manually operating a segment of the North Carolina to Maryland stream. Gas-station lines have formed in several of the southern states, and truckers are warning of a variety of supply chain problems. The company indicated they may be fully operational in a few days, but Mark Ayala, director of industrial-control system security at 1898 & Co., suggests it may take longer:

Given the breadth of the unknowns, the discovery, containment, decontamination and remediation effort will be lengthy and likely to result in a gradual return to operations.

The immediate impact may be less on the immediate availability of gas in the affected corridor than on the rising cost of gas as people prepare their getaways after over a year of Covid-19 lockdowns. The issue that most concerns me, however, is the need to update cybersecurity on energy infrastructure.

Here we go again.

There are political and technical problems with doing this, even if we make the assumption that government cybersecurity operations are doing their job and private firms are working hard to protect it. Mandiant (part of FireEye) did just that in successfully limiting the Colonial damage by persuading a hosting provider to shut down a server that contained the stolen data, thus isolating it from the hackers.

Last year CISA warned pipeline operators about the threat of ransomware. It doesn’t seem Colonial adequately responded to the warning. Why not? There are several practical problems with hardening cybersecurity on pipelines. Indeed, such risks seem to exist throughout the energy grid:

  1. “Legacy assets,” decades-old systems to which more recent digital technology has been added on, making them more vulnerable, not less.
  2. The technology is difficult to update because there’s no down time for the operations, and with no downtime it’s difficult to update software. You cannot shut down a pipeline regularly to update your technology.
  3. The reluctance of rate regulators to allow expansion of cybersecurity budgets.
  4. The recent practice of industrial companies to converge their operational technology and information technology, which makes it harder to contain infections.

And then there's overconfidence:

More than two-thirds of executives at companies that transport or store oil and gas said their organizations are ready to respond to a breach, according to a 2020 survey by the law firm Jones Walker LLP. But many don’t take basic precautions, such as encrypting data or conducting dry runs of attacks, said Andy Lee, who chairs the firm’s privacy and security team. “The overconfidence issue is a serious phenomenon,” Mr. Lee said.

These are the practical constraints on limiting malware and ransomware attacks on critical energy sectors, like pipelines. And then there’s the political handicap. Despite sending out warnings and calling together task forces of bureaucrats to discuss the issue, the focus of the Biden Administration is not on shoring up cyber liabilities. To it, “infrastructure” means doing away with fossil fuels and making the grid even more vulnerable. In fact, as the editors of the Wall Street Journal argue:

The U.S. government could help companies harden their information systems, but the risks to infrastructure will grow unless the U.S. makes the energy system more resilient and redundant. That won’t happen with Mr. Biden’s 500,000 new EV charging stations and rooftop solar panels on every home.

Just the opposite. The grid and other infrastructure will become more vulnerable as more systems get electrified and connected. The Government Accountability Office warned in March that home solar panels, EV chargers and “smart” appliances that companies control remotely are creating new entry points for cyber criminals to take over the grid.

Defending the U.S. against cyber attacks is the Biden Administration’s most important infrastructure job, but that’s not what its $2.3 trillion proposal would do.

Buckle up for a bumpy ride.

Russian Hackers Shut Down North America's Largest Pipeline

If you live in the eastern United States and notice the price of gasoline jumping over the next few days, you can thank a group of Russian hackers who call themselves DarkSide. Though they deny that they're the culprits, ransomware with DarkSide's signature all over it was at the heart of a cyberattack on Colonial Pipeline last Friday, even to the point of being coded not to attack computers which have Russian as their default language. The attack ultimately shut down the company's Texas-to-New Jersey line, the largest pipeline in North America. That pipeline delivers roughly 45 percent of the east coast's diesel, gasoline, and jet fuel.

Colonial are confident that the pipeline will be fully operational by the end of this week. "The question now," says Bloomberg, "is whether regional inventories held in storage tanks are enough to satisfy demand while Colonial works on resuming operations." To that end, the White House declared a state of emergency on Sunday, which according to NBC,

[L]ifts regulations on drivers carrying fuel in 17 states across the South and eastern United States, as well as the District of Columbia, allowing them to drive between fuel distributors and local gas stations on more overtime hours and less sleep than federal restrictions normally allow.

Hopefully easing those restrictions will help, and oil and gas shipments -- via truck or ship -- will stave off real shortages. But it's worth noting that, even with a shutdown of such short duration, Gulf Coast refineries, concerned about running out of storage capacity, are preparing to cut back production, meaning that this could have implications for the price of oil for some time to come.

In any event, this episode should serve to remind us that pipelines are central to our everyday lives. Kirsten Gillibrand was brutally mocked recently for claiming that basically every plank in the Democratic platform is infrastructure (and could therefore be included in an infrastructure bill), but this is the very definition of infrastructure, and vital infrastructure at that.

Let's not forget it.