Pipeline cyberattack prompted NYPD to take precautionary action

Not long after the Colonial Pipeline, the biggest fuel pipeline in the U.S., delivering about 45% of what is consumed on the East Coast, was hit on Friday in a cyberattack, the New York City Police Department was informed.

NYPD Deputy Commissioner of Intelligence and Counterterrorism John Miller said the department then quickly spread the word through the CCSI, which stands for Critical Infrastructure Partners, as law enforcement at the federal and state level tried to determine exactly what was happening.

"At 10:44 a.m., we were notified by the FBI Cyber Task Force in New York direct to our Intelligence Bureau that this cyber-attack, this ransomware attack was going on," Miller told FOX 5 NY.

Miller then outlined how the NYPD communicated with other city agencies and utilities through the CCSI.

"Now, that means the city's Department of Environmental Protection that handles the water, the phone carriers, the hospitals, the New York City government agencies," he said. "Anybody who's involved in running critical infrastructure that may be computer-driven, was warned that this attack was there, that DarkSide malware was involved, and to start checking their internal systems — these are the signatures, go hunt for them in your system."

The FBI now believes this wasn't a terror attack but a digital extortion scheme. The hackers lock up computer systems and demand a ransom to release them.

"When you see something like Colonial being affected, that usually means that there are sophisticated actors that found a hole somewhere in the electronic fencing that surrounds them," Miller said. "And that's something that every other company should look at, should be looking at now, especially if they're in the critical supply chain, and be asking themselves, 'Have we gone hunting for that hole in our fence to find out if there's a new one? Has every system been patched? Has every virus search machine been updated? Are we protecting ourselves as best we can?' And even that isn't a total guarantee."

The attack raised concerns, once again, about the vulnerability of the nation's critical infrastructure. However, this type of scheme can debilitate any business.

The pandemic has made things more complicated for large corporations, according to Megan Stifel, the executive director of Americas for the Global Cyber Alliance, because the proliferation of remote workers has "broadened the attack surface."

"So rather than just having to protect people in the office, at their desk that's issued by the company, they may in some cases be working from home on a laptop that they maintain themselves — it might be very old, it might be beyond its supported life, meaning it can't actually receive patches," Stifel said. "So that complicates the work of network security, staff, and IT professionals."

She also said the rise of remote learning created new risks for school districts.

"School systems weren't used to having to push all of these resources out to the population," Stifel said. "So that, again — more devices to protect, and not all cases are they properly resourced."

That is one of many reasons she has led a group of more than 50 organizations insisting countries do more to take these cases seriously.

"International governments need to come together to identify ransomware as a national security threat," Stifel said.

Colonial resumed a large part of the operations manually on late Monday. The company said it anticipates restarting most of its operations by the end of the week, U.S. Energy Secretary Jennifer Granholm said.

The secretary also said Americans shouldn't hoard gasoline.

"We know that we have gasoline; we just have to get it to the right places," she said.

With The Associated Press