The U.S. government has warned about cyberthreats to the technology behind so-called “critical infrastructure,” especially in the energy sector, and is urging providers to take steps to harden their networks against attack.
The Department of Energy, Cybersecurity and Infrastructure Security Agency, FBI and other parts of the government said on Wednesday that unnamed but “advanced” actors appear to have the “capability to gain full system access to multiple” types of devices involved in industrial control.
The warning comes amid concerns from cybersecurity experts that hackers aligned with Russia could target, or accidentally disrupt, systems worldwide as part of the country’s war in Ukraine. Last month, President Biden personally pushed U.S. companies, especially those that control pipelines, refineries and other fossil fuel infrastructure, “to lock their digital doors,” citing “evolving intelligence” that Moscow was exploring the possibility of a cyberattack.
The recent advisory from the government is reminiscent of the ransomware attack against the Colonial Pipeline last year, which disrupted the operation of the largest fuel pipeline in the U.S., causing an increase in prices and even shortages in some places along the East Coast. (Some of those shortages were driven by hoarding.) The cyber gang behind the attack may be based In Russia.
The hack reflected a lack of cyber security standards and support from the federal government to ensure what is currently critical infrastructure remains secure. It also shows that relying on aging fossil fuel infrastructure, in addition to damaging the climate, comes with serious risks. With gas prices continuing to remain high, a Colonial Pipeline-esque hack could cause more economic damage.