Since April 25th, 2021, off in some nether region of my mind, I had this sinking sense that I would be making this post sooner than I had planned. That sense became a reality about an hour ago when I was listening to NPR in the car on my way to visit family for Mothers Day.
The news story introduced a company I had never heard of before. Colonial Pipeline is based in Alpharetta, Georgia, and they’re a big player in the transportation of refined products such as gasoline, diesel, and jet fuel. How big, you may ask? Well, according to a 2016 Reuters article, they are the largest refined products pipeline in the United States.
Like many other companies in the United States, this company plays a critical role in ensuring the proper functioning of our society. I am not an expert in the refined products pipeline industry, but I am knowledgeable enough to know that this type of business process is made possible by complex pieces of software. In some cases, this technology is collectively known as an industrial control system tasked with controlling and monitoring the industrial equipment that makes it all possible.
Industrial control systems and all the other technological applications used by Colonial Pipeline are essential given their size and the fact that so much of our society relies on the service they provide.
I want to say I was shocked when the NPR reporter noted that Colonial Pipeline had been hacked, causing a halt to the flow of fuel in a pipeline responsible for covering a significant portion of the Eastern Coast of the United States fuel consumption.
The truly scary thing about this, at least to me, is that I wasn’t shocked at all.
On April 25, 2021, I checked out Andy Greenberg’s book Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers from the library. I had hoped to write a brief post about the book after I was finished, but like I said earlier in this post, I felt that something would happen in the in-between that would cause me to post something prematurely. That thing turned out to be Colonial Pipeline.
The book focuses primarily on cyberattacks of the recent past, such as Sandworm, Fancy Bear, Shadow Brokers, and Stuxnet. The author makes it painfully clear that the threat posed by cyberattacks is of critical importance, and our response to and preparedness for such attacks requires immediate improvement if we are to stave off potential catastrophe.
I hope that Colonial Pipeline will serve as a wake-up call to us citizens, and especially to our governing politicians. We need to take the threat of cyberattacks seriously. We’ve got a ton of work to do as a nation, but it needs to get done, or we will pay since it is not a matter of if but when more cyberattacks like this will target our nation’s critical infrastructure.
If you have the time, please read Andy Greenberg’s book.