US Pipeline Hack Sounds Automakers’ Alarm

Automakers are witnessing a stark warning about their future computer systems’ security with the criminal cyber attack on the US’s largest oil pipeline.

The BBC reports that the US government was forced to issue emergency legislation on Sunday after the Colonial Pipeline, which  carries 2.5M barrels a day equivalent to 45% of the East Coast’s supply of diesel, gasoline and jet fuel, was hit by a ransomware cyber-attack. The pipeline was taken offline by a cyber-criminal gang on Friday and is still working to restore service. The emergency measures now allow fuel to be transported by road but will be unable to match the pipeline’s supply and also add logistic costs raising fuel costs across the board.

Beyond the pressures on fuel prices, the attack illustrates how easily a malicious entity can infiltrate a business’s computer systems and bring it to its knees. The BBC reports that several sources have claimed that the attack was caused by a cyber-criminal gang called DarkSide, who infiltrated Colonial’s network on Thursday and took almost 100GB of data hostage. After seizing the data, the hackers locked the data on some computers and servers, demanding a ransom on Friday. If it is not paid, they are threatening to leak it onto the internet.

TU-Automotive has a long association with looking in the cyber-security issues facing the automotive industry today such as exploring how service orientated architectures could help fight attacks through over-the-air updates. It’s likely this attack will push cyber-security to the front and center of global automakers’ chief priorities to address as a matter of urgency.

More high-profile infrastructure attacks are likely to follow according to the International Association of IT Asset Managers (IAITAM), the leading authority on IT Asset Management (ITAM). Its president and CEO Dr. Barbara Rembiesa said: “The problem here comes down to one central reality: If you are not managing your assets, you’re not managing your business … and you can’t secure what you don’t know you have. Old and new infrastructure projects tend to be big and, as with a pipeline, may cover a huge amount of the country. When most people think about ‘security’ in such cases, they tend to think about the physical, low-tech side of things but, increasingly, it is the cyber and high-tech side of things that leaves infrastructure projects wide open.

“This country is way behind where it needs to be in ensuring that every single device and piece of software associated with these infrastructure projects is accounted for, secure, and up to date. Old infrastructure is already under attack today because of a lack of rigorous IT Asset Management, and the prospect of the federal government adding billions of dollars to infrastructure without proper management will only add to the problem and open up more security loopholes. The government ratings on asset management are already low compared to private firms and we see that in GAO reports every year.”

— Paul Myles is a seasoned automotive journalist based in Europe. Follow him on Twitter @Paulmyles_

Leave a comment

Your email address will not be published. Required fields are marked *