“The biggest U.S. gasoline pipeline will not resume full operations for several more days due to a ransomware cyberattack… The FBI attributed the cyberattack to DarkSide, a group believed to be based in Russia or Eastern Europe.” Reuters
On Monday, President Joe Biden stated, “So far, there is no evidence based on — from our intelligence people that Russia is involved. Although there is evidence that the actors — ransomware — is in Russia. They have some responsibility to deal with this.” White House
Both sides worry about the ongoing risk of cyberattacks:
“The fact that an apparent group of cyber pirates -- a secret criminal nerd syndicate -- can take down the aorta of fuel for the East Coast should be sending shockwaves through the country. We've all read this year about the pandemic threatening supply chains and about climate change causing more freak weather that threatens power grids. Meanwhile, hackers have also gotten more brazen, locking companies key to the US infrastructure…
“This week it's Colonial Pipeline. But it's been hospital systems. Cities. Schools. Everything from the city of Atlanta to the DC Police Department has been hit by ransomware. And while they can't be tied in all or even most cases to foreign governments, that should not distract us from the fact that the US appears to be under attack.”
Zachary B. Wolf, CNN
“In 2007, the former Soviet republic of Estonia became the first country to be the target of a national cyber attack with Russia as the perpetrator. When Russia invaded Ukraine in 2014, cyberattacks were part of Vladimir Putin’s arsenal. The attacks on Ukraine included taking control of electrical grids and shutting them down to cause blackouts…
“Today an aggressor would not have to launch a nuclear EMP attack to switch off America’s electricity. It would only require a coordinated attack on the electrical grids that supply us with power. This is a threat that should be taken very seriously, especially since the Russians have a history of testing this sort of warfare.”
David Thornton, Racket News
“These kinds of attacks will only become more frequent. Much of the US’s fractured infrastructure system has weak or nonexistent protection. In February, a hacker accessed the controls of the Oldsmar water plant in Florida and turned up the sodium hydroxide, a caustic chemical that could have harmed people. The attack was noticed and quickly fixed, but it turned out that the hacker had entered, essentially, an unlocked back door into the system that had been open for months. Even worse, the computers were using the obsolete and insecure Windows 7…
“Software updates, system upgrades, cybersecurity tools and good security practices are needed at every level of infrastructure, from local water plants to cross-country oil pipelines. Much of this infrastructure is in state, local or private hands. But protecting it is a matter of National Security.”
Arieh Kovler, Spectator USA
“Companies have their reasons for going mum when hacked, of course. They’re worried about reputational damage. If publicly traded, they also fear possible negligence lawsuits from investors (Colonial is privately held). But in an era in which nation-states and roving freelancers alike have turned rival governments, corporations, schools and universities, hospitals, research labs, fire and police departments, and other institutions into digital piñatas, hunkering down only perpetuates the problem…
“During a Senate Intelligence Committee hearing in February about the massive SolarWinds Inc. burglary orchestrated by Russian operatives, Microsoft Corp.’s president, Brad Smith, and other corporate insiders said one of their biggest frustrations in battling cyberattacks is that information is scattered among private and public stakeholders who don’t freely share it with one another. All of the bad reasons for holding onto information about a cyberattack — embarrassment, competitiveness, incompetence — only make it that much harder to prepare for and surmount the next one… At some point, the wake-up calls will morph into unmanageable disasters.”
Timothy L. O’Brien, Bloomberg
Other opinions below.
This is “a glaring reminder that cyber vulnerabilities in U.S. energy and other systems are the real infrastructure problem that President Biden should be addressing… The Biden Administration should be putting money into shoring up cyber vulnerabilities, but instead it’s using the ‘infrastructure’ label to remake the energy economy, squeeze fossil fuels, and make the grid more vulnerable, not less…
“The Government Accountability Office warned in March that home solar panels, EV chargers and ‘smart’ appliances that companies control remotely are creating new entry points for cyber criminals to take over the grid. Defending the U.S. against cyber attacks is the Biden Administration’s most important infrastructure job, but that’s not what its $2.3 trillion proposal would do.”
Editorial Board, Wall Street Journal
Some argue that “While DarkSide and similarly boutique, high-capability Russia-based or supervised hacking groups are not explicit members of the Russian intelligence apparatus, they operate under the functional authority of the Russian state…
“As I understand the situation, because the Kremlin knows that the United States knows that groups such as DarkSide operate with the Russian state's tacit approval, the Kremlin establishes boundaries for what these hacking groups can and cannot do. The crossover of Russian state hackers and Russian nonstate hackers such as DarkSide is far greater than commonly understood. It is possible that at least some of DarkSide's members are former Russian intelligence officers…
“Senior Russian officials have, in recent weeks, begun explicitly referencing ‘asymmetric’ retaliation to U.S. sanctions. This DarkSide attack would fit near-perfectly with those threats… Unless Russia immediately arrests and extradites DarkSide's team, and not simply some random other hackers, Biden should direct the National Security Agency to retaliate in kind against Russia's energy infrastructure. It is imperative to U.S. national security that Russia not believe itself capable of using the state versus nonstate ‘gray zone’ to endanger millions of American lives and livelihoods.”
Tom Rogan, Washington Examiner
“The large-scale Russian SolarWinds hack, disclosed in December 2020, was shown to have affected several federal government systems. Biden said then that as president, ‘my administration will make cybersecurity a top priority at every level of government — and we will make dealing with this breach a top priority from the moment we take office.’… [Biden’s infrastructure plan] includes $100 billion to modernize the electrical grid…
“And he reportedly plans to unveil an executive order soon that will strengthen cybersecurity at federal agencies and for federal contractors. But these measures are more focused on preventing another SolarWinds-like attack. Federal officials told the New York Times that they don’t think the order does enough to prevent a sophisticated attack, nor would it apply to a privately held company like Colonial.”
Sara Morrison, Vox
“When is the government going to start taking serious measures to prevent, or at least minimize, these debilitating—potentially catastrophic—incidents?… One possibly serious step is about to take place—the installment of a first-ever National Cyber Director, an official vested (at least on paper) with powers to order, coordinate, and enforce cybersecurity actions in the public and private sector… A bigger challenge will be persuading or compelling private companies to step up their game in warding off attacks.”
Fred Kaplan, Slate
Secretary of Defense Lloyd J. Austin III writes, “Galloping advances in technology mean important changes in the work we do to keep the United States secure…
“We are already investing in the huge opportunities of edge computing, the framework that lets us process data as it is being collected, absorb it and share it instantaneously — enabling us to find not just one needle in one haystack but 10 needles in 10 haystacks… The nature of warfare is changing; it spans an unprecedented theater that stretches from the heavens to cyberspace and far into the oceans’ depths. That demands new thinking and new action inside the Defense Department.”
Lloyd J. Austin III, Washington Post