Policymakers must prioritize security of critical infrastructure

Gas prices spiked, queues formed up outside the stations which still had fuel, and the Biden administration declared a regional emergency after a highly sophisticated cyberattack took Colonial Pipeline, the country’s largest pipeline—carrying 45% of the East Coast’s fuel supply—offline. While the deficit was eased by relaxed restrictions on the transportation of fuel by road and sea and the pipeline is now resuming operations, the implications of the attack extend far beyond short-term fuel shortages.

The attack’s success, particularly given that it was masterminded by a Russian criminal group named “DarkSide”, has thrown into sharp relief what industry experts have been warning for a long time: as components of sensitive national infrastructure in critical areas like the energy sector become ever-more complex and digitalized, they also become increasingly vulnerable to crippling attacks. Regardless of whether those attacks are motivated by ruthless mercenaries seeking to extract an extortionate ransom—in this case, Colonial Pipeline reportedly paid $5 million to the hackers in order to restart operations more swiftly—or state actors attempting to exert geopolitical leverage, the issue remains a serious one in urgent need of attention from lawmakers all over the globe.

Ample advance warning

Although DarkSide has professed to be an apolitical organization and President Biden has indicated that early intelligence does not point to a Kremlin connection in the Colonial Pipeline attack, Russia has previous form when it comes to infiltrating and undermining their perceived rivals’ national infrastructure. As far back as 2015, a team of hackers linked to the Kremlin upset the Ukrainian power grid, causing significant outages and substantial financial losses. The trick was repeated once more the following year, while Moscow and Washington have traded sparring blows in the arena of cyber warfare in recent times.

China has emerged as another major cybersecurity threat—as its southwestern neighbor, India, is acutely aware. A recent study by US-based internet analytics firm Recorded Future found evidence of tens of thousands of pieces of malware flooding from China into India over the past 12 months, with the deadly border skirmish in June of last year an apparent trigger for Beijing to press the button. Indeed, a Mumbai blackout which deprived 20 million Indians of electricity and brought the Indian stock market to a standstill was allegedly caused by Chinese hackers backed by the Chinese government, which used the incident as a warning shot to advertise its ability to disrupt geopolitical foes’ essential infrastructure.

US making strides towards securer systems

Even before the Colonial Pipeline incident underscored the urgency of bolstering essential infrastructure, these plentiful red flags were enough to prompt the White House to take heed of expert opinions asserting that the US energy sector, in particular, has underinvested in its cybersecurity for years. The Government Accountability Office (GAO) have called for greater focus on the distribution systems of power grids, in addition to the generation and transmission of electricity, while McKinsey has warned that energy and utility companies are more susceptible to attack due to their complex infrastructure.

Since his inauguration as US President, Joe Biden has acted swiftly and decisively on the issue. In March, he named cybersecurity as a “top priority” for his administration, before implementing a 100-day plan the following month aimed at beefing up the online defenses of the country’s electrical network. Even before his election, however, US lawmakers had taken steps to stamp out risks to the country’s essential infrastructure. A group of bipartisan senators, for example, fought to raise awareness over the threat posed by Chinese telecoms and energy giant Huawei thanks to its concerningly close links with the government in Beijing. In particular, they warned that solar inverters produced by Huawei could leave the U.S. energy grid “vulnerable to foreign surveillance and interference, and could potentially give Beijing access to meddle with portions of America’s electricity supply”.

Global leaders should follow Biden blueprint

After American lawmakers sounded the alarm, Huawei curtailed its activity in the US, exiting the American solar market in June 2019. The firm, however, still controls almost a quarter of the global market in solar inverters. That means that many countries and their governments (including those in the EU) have become overly dependent on the Chinese company to drive their plans for a renewable revolution in the coming years, a situation which could allow Beijing a back-door entrance into their energy infrastructure through the suspect technology.

With IBM reporting that there were 468 cyberattacks on industrial control systems last year – a 49% increase from 2019 – it’s likely that the threat landscape facing the energy and electricity sectors is only set to intensify going forwards. It’s for that reason that policymakers and politicians all over the planet must take a leaf out of Biden’s book and act now to shore up the security of their key infrastructure. Failure to do so could see a repeat of the Colonial Pipeline incident on an even larger scale, threatening the economies, industries and potentially the public healthcare systems of countless countries all around the globe.

This article does not necessarily reflect the opinions of the editors or the management of EconoTimes