May 18—The cyberattack that shut down the largest fuel pipeline in the United States is yet another reminder of the vulnerability in America's critical infrastructure.
The attack on the 5,500-mile Colonial Pipeline shut down the flow of oil from the Gulf Coast up the eastern seaboard and triggered panic buying of gasoline. Fortunately, the ransomware attack didn't cause disruptions for long and the attackers — believed to be Russian-based — didn't gain control of the pipeline's operating system.
Such attacks by organized crime and government-backed groups continue to increase. The Center for Strategic and International Studies lists several dozen significant cyberattacks on government agencies and on defense and high-tech companies around the world that have occurred just this year.
They include a suspected Iranian cyber attack that targeted medical researchers in Israel and the U.S. and Chinese hackers who waged a cyber espionage campaign against the Indian transportation sector — both carried out this spring.
So far, cyberattacks have focused only on extorting money, and attackers haven't taken actual control of power plants or other critical infrastructure, instead disabling the data that businesses need to operate.
But there's no reason to believe foreign governments or terrorist groups won't be able to take actual control of a large power grid, drinking water system or other infrastructure that would have crippling, deadly consequences.
Unlike government computer systems, which have a level of regulation and quality control, there is little in the way of supervision or regulatory expectations for most of the nation's critical energy infrastructure, which is largely privately owned and operated.
Many security experts suggest that rather than the current array of government agencies responsible for different slices of security, a central cyber security agency be created that is led by the FBI and NSA but has representation from key government agencies and active participation from the private sector.
The growing cyber risk is a danger to national security and needs a more comprehensive approach. Government and the private sector need to work together to prevent cyber assaults involving ransomware, espionage and disinformation.