Colonial Pipeline paid hackers a ransom of $4.4 million in bitcoin soon after discovering a cybersecurity hack on its systems that began on May 6. The company’s acknowledgement comes after days of speculation about whether a ransom was paid to the hackers. The company’s CEO defended the “difficult” decision to pay the ransom, maintaining he was trying to avoid widespread fuel shortages for the East Coast. Even with the ransom payment, Colonial’s pipeline was shut down for days, resulting in price spikes and shortages at gasoline stations in the Southeastern U.S. In addition to the ransom payment, Colonial also revealed it would be spending tens of millions of dollars over the next several months to restore its systems.
Meanwhile, the hacker, identified by the FBI as Darkside, a group out of Eastern Europe, lost access to its IT infrastructure and cryptocurrency funds. Many believe that law enforcement seized the group’s assets, given that it occurred on the same day President Biden announced the U.S. would “pursue a measure to disrupt” Darkside.
There are no mandatory federal cybersecurity requirements for U.S. critical infrastructure, including the energy sector. To date, federal government agencies have issued cybersecurity guidelines for the energy sector, but since most operations are privately owned, they are not obligated to follow them. President Biden is trying to provide funding to harden security systems in U.S. critical infrastructure. His proposed American Jobs Plan includes $20 billion for cities and towns to strengthen energy cybersecurity and $2 billion in grants for energy grids in high-risk areas. In the interim, Biden’s recently issued Executive Order on Improving the Nation’s Cybersecurity controls how security incidents are managed and how hardware and software is used by federal government agencies. For vendors and developers who want to do business with the federal government, this means focusing on improving product security in order to win new contracts from a very large customer.