Colonial Pipeline hack exposes cracks in US energy defense against cyberattacks

Last week's ransomware attack on Colonial Pipeline, along with February's winter storm in Texas, revealed the vulnerability of the US energy infrastructure.

Sophia Fox-Sowell Former Producer | On-Camera Talent | Podcast

In the aftermath of the May 7 cyberattack on Colonial Pipeline, fears of fuel shortages and higher gas prices led to panic buying in some areas, resulting in long lines at numerous gas stations as people hoarded gasoline.

Operator of the largest fuel pipeline in the US, Colonial Pipeline fell prey to a ransomware attack, and it ceased all pipeline operations as it sought to prevent the malicious software from spreading.

As of May 13, the company had restarted its pipeline system, saying that each of its markets would be receiving fuel that day but that it would take several days for gasoline, diesel, and jet fuel supplies to return to normal.

This is the second time in 2021 an important facility in America's energy infrastructure experienced a significant outage affecting residents in multiple states.

In February, Texas experienced an extreme winter storm. The event caused energy facilities to fail and left millions of Texas residents, and those in neighboring states, without electricity or clean running water. That crisis exposed how vulnerable America's national energy infrastructure is to the effects of climate change and highlighted Texas' inability to adequately prepare for what was once considered a rare event.

Most of America's gas pipelines, electrical towers and power lines — like the ones that failed in Texas — aren't properly weatherized to handle extreme weather events, according to Joe Weiss, managing partner of Applied Control Solutions, a Cupertino, California, consultancy focused on automation systems. With climate change increasing the severity and frequency of natural disasters, it seems only a matter of time before another extreme weather event threatens the grid.

But climate change isn't the only threat to the outdated US power grid, which, according to an analysis of major power outages by research group Climate Central, hasn't been updated since the 1960s. The grid is also vulnerable to cyberattacks, like the one on Colonial Pipeline, from hackers working remotely to interfere with energy grid operations using just a few lines of code. There are risks, too, from backdoors built into the physical equipment, often purchased from foreign manufacturers and widely used across the country.

The crux of the issue, Weiss says, is that this equipment was designed to do specific things: "run a motor, open a valve, run an assembly line. ... The concept that anybody would maliciously want to do something just wasn't there." Weiss has documented over 1,300 incidents of electrical system power failure caused by cyberattacks going back several decades. 

The vulnerabilities in America's energy grid are "an existential threat," Weiss said. "This is a problem that's 30 to 40 years in the making. This can take you back to the 1850s. And we are not addressing what needs to be done, we can't keep ignoring it — the bad guys [certainly] aren't." 
