The U.S. has no evidence so far that Russia was involved in the cyberattack on the IT systems of Colonial Pipeline, America’s largest oil pipeline, said U.S. President Joe Biden. The attack on the pipeline was carried out by DarkSide, the FBI said. The incident exposed vulnerabilities in the aging U.S. energy infrastructure, experts say.
U.S. President Joe Biden said he has seen no evidence that Moscow was behind the cyberattack on the IT systems of Colonial Pipeline, which owns the largest oil pipeline network in the United States.
“So far, our intelligence agencies have found no evidence that Russia was involved in the hacking attack, although there is evidence that the ransomware virus is on Russian soil,” the U.S. president said.
It was previously reported that a criminal group from Russia called DarkSide was behind the ransomware attack.
The FBI confirmed that a criminal group called DarkSide was responsible for the cyberattack on the pipeline.
“The FBI confirms that the ransomware program Darkside is responsible for the collapse of Colonial Pipeline’s networks. We continue to work with the company and our government partners to investigate the incident,” the intelligence agency said in a statement.
Randy Pargman, vice president of threat tracking and counterintelligence at Binary Defense, said DarkSide posted a notice on the darknet that they were “only driven by a desire to make money” in the attack. The hackers claim they were not launching the attack on behalf of any foreign government.
According to Allan Liska, a senior security architect at Recorded Future, DarkSide is a “relatively new” ransomware group. The group has been around since August 2020, but “they are quite aggressive” and “have grown very quickly,” Liska explained.
Biden and senior White House officials said the administration is working closely with Colonial Pipeline to mitigate the attack and subsequent temporary closure of the pipeline.
The White House has already formed an interagency working group to prepare for various scenarios, including the need for additional measures to mitigate any potential negative impact on fuel supplies.
But both the president and other officials have repeatedly acknowledged that their role is limited because Colonial Pipeline is a private company, though it supplies fuel to much of the U.S. East Coast.
“My administration is taking this very seriously. Together with the FBI and the Department of Justice, we are making efforts to disrupt the activities and catch the criminal extortionists,” the U.S. president explained.
He noted, however, that private organizations in the United States are responsible for their own cybersecurity.
“My administration is also committed to protecting our critical infrastructure, much of which is privately owned, like Colonial,” the American leader continued.
Colonial Pipeline is an Alpharetta, Georgia-based company that transports more than 379 million liters of gasoline and other fuel daily from Houston to New York Harbor.
On Monday, May 10, the company’s network remained largely paralyzed – a cyberattack late last week led to a temporary shutdown of all company operations, exposing vulnerabilities in the aging U.S. energy infrastructure.
Over the weekend, the pipeline operator began working on a plan to restart its system and was able to begin operations on some auxiliary lines.
Colonial acknowledged Monday that it will take time to restore all systems and said it hopes to substantially increase capacity by the end of this week.
“The events of this weekend have drawn attention to the fact that our nation’s critical infrastructure is largely owned and operated by private sector companies,” said Elizabeth Sherwood-Randall, White House homeland security adviser.
“When these companies are attacked, they serve as the first line of defense,” she said, adding that the entire country depends on the effectiveness of their cyber defenses.
“This is a very troubling signal,” said Neil Chatterjee, commissioner of the Federal Energy Regulatory Commission.
He said executives from all companies in the energy sector – and especially pipeline operators – should now immediately set up incident prevention teams to do an in-depth review of their IT systems and review all security protocols.
“These pipelines are at the forefront of our national defense in every sense right now,” Chatterjee added.
Anne Neuberger, in charge of cybersecurity at the National Security Council, said Colonial Pipeline has not asked for “cyber support” from the federal government, but federal officials are willing to help if requested.
She added that there appear to be no ties between DarkSide and the Russian government, although the U.S. intelligence community continues to look into the situation.
Asked if the group has ties to Russia, Neuberger said the current view is that DarkSide is operating independently.
“We currently believe that Darkside is a private criminal,” Neuberger said at a White House press briefing Monday.