The cyberattack that led Alpharetta-based Colonial Pipeline to shut down much of its operations over the past week has led to a shortage of gas in some parts of Georgia and across the southeastern U.S.
The company says it hopes to restore full operations by the weekend, which means the pain and inconvenience for drivers will likely be only temporary.
But those who study the energy industry and cybersecurity say the risk of a larger, more devastating attack on the nation’s infrastructure remains high.
“Part of planning is to think through the worst-case scenario,” said Jay Hakes, who worked under President Clinton and served on President Obama’s BP Deepwater Horizon Oil Spill Commission.
“If we can’t solve this problem for the delivery of gasoline, are we sure that we can prevent an attack on our electric grid?” asked Hakes. “And you start thinking, well, what’s it going to be like if there’s a week when we don’t have electricity?”
Hakes says more regulation needs to be focused on protecting infrastructure from computer hackers. The FBI says an overseas group known as DarkSide is likely responsible for the hack of Colonial Pipeline.
“I would hope that someone like the Federal Energy Regulatory Commission could set minimum standards for cybersecurity that would then be mandatory on all delivery systems that were determined to be vital to national security,” said Hakes.
Both the federal government and the state of Georgia have taken steps to bolster fuel supplies as Colonial Pipeline works to restore full operations. This includes temporarily rolling back rules on fuel trucks, allowing the sale of the fall/winter gasoline blend. But this hasn’t stopped drivers from sapping hundreds of gas stations in metro Atlanta of their existing supplies.
Colonial Pipeline says that since it shut down the pipeline, it has used other means to transport 41 million gallons of gas to “various delivery points” along its system, including to Atlanta.
Hakes says going forward, the country could also focus on developing contingency plans such as a reserve of gasoline products spread through the East Coast. He also says private entities that operate pipelines, electrical grids and other critical infrastructure should not be shy about sharing best practices for dealing with cyber threats.
“There needs to be more of a collegial approach to this because it’s a little bit too big of a problem of everybody just coming up with their own solution,” said Hakes.
Raheem Beyah, dean of the college of engineering at Georgia Tech and a computer scientist, says the networks used to operate infrastructure systems – such as fuel pipelines – generally lag several years behind in cybersecurity.
“Overall, you could probably argue, and this is sort of rule-of-thumb, that they are 1-2 decades – in terms of the infrastructure and security of these networks – behind IT networks,” said Beyah.
Companies keep the two networks separate so that a hack of an IT network would not necessarily affect operations. Colonial Pipeline says it shut down its pipeline operations “proactively” to make sure it was not compromised.
Beyah says IT networks can often alert administrators when there is suspicious activity, but he says that is not always the case with the computer systems that keep the infrastructure working.
“Most OT [operational technology] networks are not monitored, so there are simple things like every OT network needs monitoring, period,” he said.
And he says protecting infrastructure from cyber threats means having a workforce with the technological skills to address the needs of both IT networks and operational technology networks, such as those that control fuel pipelines.
“You’ve gotta make sure you have people that understand the process but also understand network security, and it’s only a handful of folks that have an intersection of that skill set,” said Beyah.