Week of May 10, 2021 | Issue
Kelli McCauley, Marco Magrin, Caterina Anni, Historical Analysis

USA[1]
Date: Friday, May 7, 2021- Wednesday, May 12, 2021
Location: USA
Parties involved: USA; Colonial Pipeline; DarkSide
The event: Hacker group ‘DarkSide’ attacked Colonial Pipeline with ransomware, prompting panic buying and resulting in gas shortage and increased prices in the Southeastern US.[2]
The implications:
On Friday, May 7, 2021, a cyberattack organized by the hacking group “DarkSide” hit the US fuel company Colonial Pipeline, the country’s biggest fuel provider. As a consequence of the attack, many people started to panic buying gas on the US East Coast, leaving most gas stations completely dry and the lack of availability of fuel also resulted in a price ramp up. It is not clear how the attack began and if the aim of the hacking group was to only get the money or also some other piece of information that could be used or strategically sold.[3] The pressure towards the gas stations in the southeast of the US seems to have eased a little and the panic around the shortages of fuel begins to downsize as the Colonial Pipeline is starting to deliver again. Moreover, the demand for gas is expected to drop these following weeks, proving that the initial panic buying is being passed. This cyberattack remains one of the most disruptive attacks ever conducted because of the damages and the negative consequences that the Colonial Pipeline is facing. The attack is meaningful and particularly strategic because it happened just a few weeks before the Memorial Day holiday weekend, a traditional event in the US that marks the beginning of the summer driving season, so now the fuel distributors will have to try very hard to get a fair number of supplies to face the said season in order not to spoil a very remunerative period.[4]
Panic buying gas is not a new phenomenon in the US, as this scenario played out during the 1970’s when vehicles were far less efficient. Since Americans cling to their freedoms in times of desperation, any threat to their supply chain of regularly available goods can result in panic buying. Due to their support of Israel during the Yom Kippur War, amid the 1973 Israeli-Arab War, the Organization of Petroleum Exporting Companies (OPEC) placed an embargo on the US.[5] Due to the shortage of oil caused by this embargo, gas prices quadrupled, Americans grew weary, and social instability ensued. This situation was exacerbated by the panic buying that followed the initial shortage, whereas the readily available supply that may have outlasted the embargo was consumed en masse by a fearful public that waited in lines that wrapped around the block. 1973 experienced the highest gas emissions in history due to the scarcity mindset that ultimately led to overconsumption.[6] This most recent shortage resulted in panic buying once again, as the US Consumer Product Safety Commission and President Joe Biden issued warnings to stop pumping gas into plastic bags and rubbermaid containers.[7]
US oil supply was reduced once again amid the Iranian Revolution, this time resulting in more violence in effort to secure gas. On multiple occasions, gas attendants were beaten, often with lead pipes or other blunt objects while trying to enforce the rationing of gas.[8] This gas crisis was made worse by the chaos that ensued from the shortage more than from the actual shortage itself. The gas shortages of the 1970’s did allow for alternative energy to open up as the realization that a shift from fossil fuels was necessary to promote energy security. Further, cars became more energy efficient in the 1980’s, ultimately paving the way for the future of hybrid transmissions. Since this attack by DarkSide disrupted the US oil supply so greatly (as it carries 2.5 million barrels a day to the East Coast) and a ransom of $5 Million was paid by Colonial Pipeline, more movement away from fossil fuels may be seen in the near future.[9] This attack is also another example of how destructive cyberattacks are to the energy infrastructure of a country as dependent on fossil fuels as the US.
Over $350 million US dollars were lost last year in ransomware or similar attacks, with a 150% frequency increase over the same period of such cyberattacks.[10] This included over 2400 public institutions that were targeted, with the number predicted to increase as public services and utilities are ever more dependent on cyber technology. As critical infrastructure begins to become more digitized and reliant on software and cyber technologies, this increases a risk of hazard as remote attacks can jeopardize vital services and cause great physical, economic and political damage. In the US, utilities, public and emergency services, and essential infrastructure is managed at the local government level, which is less well-equipped to counteract threats of cyberwarfare than the federal government agencies such as the Department of Homeland Security. In case of a disaster, local and state governments can request aid under the Stafford Act, which allows for assistance in relief efforts, disaster mitigation, and preparedness management. Cyberterrorism, however, is not specifically included under potential scenarios where the Stafford Act may be enacted, which disables access by local and state governments to federal resources.[11] By segregating cyberterrorism from the potential resource pool provided by the Federal government, this further increases exposure of critical infrastructure from hackers and opens possibilities for more severe hacks in the future.
Cyber Warfare also establishes a future battlefield, one that has thus far seen the US as particularly vulnerable from China and Russia. Unlike conventional warfare, which relies on strength of numbers and superior firepower, the potential benefits in engaging in active cyberwarfare relies on manipulating a target’s massive networks to exploit even miniscule weaknesses to cause damage through a chain reaction.[12] With the massive size of the US infrastructure networks, it is conceivable that vulnerabilities in the system increase proportionally to this, which also increases the risk of a major hack. As such, as infrastructure and human activity becomes more digital, the incidence of cyber threats shall increase in tandem, which could in turn endanger other interconnected systems and pose a threat to the entire national security apparatus.
The Counterterrorism Group (CTG) Historical Analysis Team monitors significant events to help predict the safety and future of peoples and nations. With the help of the North American Team (NORTHCOM), we will remain vigilant in its effort to detect, deter, and defeat threats in the region. CTG will continue to monitor the ongoing situation in the US, and keep track of growing cyber threats in the region. In the case of an immediate threat, an alert will be created. CTG will keep its clients up to date on threats that could potentially affect their interests. Any information on a credible threat can be turned in to law enforcement. If there are any questions or concerns, do not hesitate to contact us.
[2] How the Colonial Pipeline hack is part of a growing ransomware trend in the US, The Guardian, May 2021, https://www.theguardian.com/technology/2021/may/13/colonial-pipeline-ransomware-attack-cyber-crime
[3]U.S. fuel energy eases as pipeline returns to normal, Reuters, May 2021 https://www.reuters.com/business/energy/massive-replenishment-begins-ease-us-fuel-shortages-2021-05-15/
[4] U.S. gasoline shortage eases, but pumps dry in some areas, Reuters, May 2021 https://www.reuters.com/business/energy/us-gasoline-shortage-improves-some-regions-still-suffer-hefty-outages-2021-05-16/
[5] American Gas Panic Has a Long History, CNN, May 2021, https://www.cnn.com/2021/05/12/opinions/gas-shortage-panic-in-america-has-long-history-jacobs/index.html
[6] Gas Shortages in 1970s America Sparked Mayhem and Forever Changed the Nation, Smithsonian Magazine, May 2021, https://www.smithsonianmag.com/smart-news/1970s-gas-shortages-changed-america-180977726/
[7] Gas Shortages in 1970s America Sparked Mayhem and Forever Changed the Nation, Smithsonian Magazine, May 2021, https://www.smithsonianmag.com/smart-news/1970s-gas-shortages-changed-america-180977726/
[8] American Gas Panic Has a Long History, CNN, May 2021, https://www.cnn.com/2021/05/12/opinions/gas-shortage-panic-in-america-has-long-history-jacobs/index.html
[9] US fuel pipeline 'paid hackers $5m in ransom', BBC, May 2021, https://www.bbc.com/news/business-57112371
[10] ‘Four key takeaways on the US government response to the pipeline ransomware attack’, CNN, May, 2021, https://edition.cnn.com/2021/05/11/politics/colonial-pipeline-cyber-hearing-senate-homeland-security-committee/index.html
[11] The Underbelly of Ransomware Attacks: Local Governments, Council on Foreign Relations, May 2021 https://www.cfr.org/blog/underbelly-ransomware-attacks-local-governments
[12] Toward a More Coercive Cyber Strategy, Center for Strategic and International Studies, March 2021, https://www.csis.org/analysis/toward-more-coercive-cyber-strategy