“If they did not break Russian law, there is nothing to prosecute them for in Russia,” Mr. Putin said. “You must finally realize that people in Russia live by Russian laws, not by American ones.”

After the Colonial attack, President Biden said that intelligence officials had evidence the hackers were from Russia, but that they had yet to find any links to the government.

“So far there is no evidence based on, from our intelligence people, that Russia is involved, though there is evidence that the actors, ransomware, is in Russia,” he said, adding that the Russian authorities “have some responsibility to deal with this.”

This month, DarkSide’s support staff scrambled to respond to parts of the system being shut down, which the group attributed, without evidence, to pressure from the United States. In a posting on May 8, the day after the Colonial attack became public, the DarkSide staff appeared to be hoping for some sympathy from their affiliates.

“There is now the option to leave a tip for Support under ‘payments,’” the posting said. “It’s optional, but Support would be happy :).”

Days after the F.B.I. publicly identified DarkSide as the culprit, Woris, who had yet to extract payment from the publishing company, reached out to customer service, apparently concerned.

“Hi, how’s it going,” he wrote. “They hit you hard.”

It was the last communication Woris had with DarkSide.

Days later, a message popped up on the dashboard saying the group was not exactly shutting down, as it had said it would, but selling its infrastructure so other hackers could carry on the lucrative ransomware business.

“The price is negotiable,” DarkSide wrote. “By fully launching an analogous partnership program it’s possible to make profits of $5 million a month.”

Oleg Matsnev contributed reporting.


Irish Hospitals Are Latest to Be Hit by Ransomware Attacks

A cyberattack on Ireland’s health system has paralyzed the country’s health services for a week, cutting off access to patient records, delaying Covid-19 testing, and forcing cancellations of medical appointments.

Using ransomware, which is malware that encrypts a victim’s data until they pay a ransom, the people behind the attack have been holding hostage the data at Ireland’s publicly funded health care system, the Health Service Executive. The attack forced the H.S.E. to shut down its entire information technology system.

In a media briefing on Thursday, Paul Reid, chief executive of the H.S.E., said the attack was “stomach churning.”

Caroline Kohn, a spokeswoman for a group of hospitals in the eastern part of the country, said the hospitals were forced to keep all of their records on paper. “We’re back to the 1970s,” she said.

upended the lives of cancer patients whose chemotherapy treatments had to be delayed or recreated from memory.

The attacks come on top of a similar ransomware attack on Colonial Pipeline, the American pipeline operation that supplies nearly half the gas, diesel and jet fuel to the East Coast. That attack prompted Colonial Pipeline to shut down its pipeline operations, triggering panic buying at the pump and gas and jet fuel shortages along the East Coast. Colonial Pipeline agreed to pay its extortionists, a different cybercriminal gang called DarkSide, nearly $5 million to decrypt its data.

The attack in Ireland has caused backlogs inside emergency rooms from Dublin to Galway, and patients have been urged to stay away from hospitals unless they require urgent care.

In many Irish counties, appointments have been canceled for radiation treatments, MRIs, gynecological visits, endoscopies and other health services. Health authorities said the attack was also causing delays in Covid-19 test results, but a vaccine appointment system was still working.

Irish health officials said Thursday that H.S.E. was working to build a new network, separate from the one that has been affected. Hundreds of experts have been recruited to rebuild 2,000 distinct systems. The effort is likely to cost tens of millions of euros, Mr. Reid said.

The H.S.E. said Thursday that it had been provided with a key that could decrypt the data being held for ransom, but it was unclear if it would work.

a separate legal fight by Microsoft — to take down a major botnet, a network of infected computers, called Trickbot, that served as a major conduit for ransomware.

In the weeks that followed those efforts, cybercriminals said they planned to attack more than 400 hospitals. The threat caused the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to warn health care operators to improve their protection from ransomware.

Ransomware groups continue to operate with relative immunity in Russia, where government officials rarely prosecute cybercriminals and refuse to extradite them. In response to the Colonial Pipeline episode last week, President Biden said Russia bore some responsibility for ransomware attacks because cybercriminals operate within its borders.

Adam Meyers, vice president of intelligence at CrowdStrike, the cybersecurity firm, said members of Wizard Spider, the group responsible for the attack on Ireland’s health systems, spoke Russian and researchers “have high confidence that they are Eastern European, likely Russian.”

Last month, the data of a school district in Florida was held hostage by Wizard Spider. Broward County Public Schools, the sixth largest school district in the United States, was hacked by cybercriminals who demanded $40 million in cryptocurrency. The criminals encrypted data and posted thousands of the schools’ information online after officials declined to pay.

Last December, the chip maker Advantech was also hit by Wizard Spider. Its data was posted to the so-called dark web after it refused to pay.

Some cyber insurance companies have covered the costs of ransom payments, calculating that the ransom payments are still cheaper than the cost of rebuilding systems and data from scratch. Regulators have started to pressure insurance companies out of paying ransom demands, arguing that they are only fueling more ransomware attacks and emboldening cybercriminals to make more lucrative demands.

AXA, the French insurance giant, said last week that it would no longer cover ransom payments. Within days of its announcement, AXA was hit with a ransomware attack that paralyzed information technology operations in Thailand, Malaysia, Hong Kong and the Philippines.

“This is just business as usual,” John Dickson, a cybersecurity expert at the San Antonio-based Denim Group, said in an interview Thursday. “These attacks should come as no surprise to anyone who has been paying attention.”


Colonial Pipeline Hack Shows Risk to US Energy Independence

HOUSTON — When OPEC barred oil exports to the United States in 1973, creating long gasoline lines, President Richard Nixon pledged an effort that would combine the spirit of the Apollo program and the determination of the Manhattan Project.

“By the end of this decade, we will have developed the potential to meet our own energy needs without depending on any foreign energy sources,” he said in a televised address.

His timing was off — it took more than 40 years — but the country has come pretty close to energy independence in recent years thanks to a surge in domestic shale oil and natural gas production and the harnessing of solar and wind energy.

That independence, however, is fragile. Last week, cars lined up at gas stations across much of the Southeast after the Colonial Pipeline was paralyzed by a cyberattack by a criminal group seeking a ransom. The electric grid is also coming under greater stress because of climate change. In the last year, a heat wave in California and a deep freeze in Texas forced rolling blackouts as demand for power outstripped supply.

panic buying rarely seen in decades produced shortages, and prices at the pump rose as much as 20 cents a gallon for regular gasoline in some states in a few days, according to AAA.

Mr. Yergin said that drivers who lined up at pumps to fill gas cans and even plastic bags made the situation worse. The impulse to hoard harkened back to the oil shocks of the 1970s and appeared to touch a chord in the national psyche.

“People remembered gas lines even though they weren’t born yet,” Mr. Yergin said.

Colonial Pipeline, a private company, resumed full operations over the weekend, but it will take at least several more days before many gas stations are restocked.

Energy companies will come under greater pressure from governments and investors to bulk up their defenses against cyberattacks, but those and other vulnerabilities will not be easily overcome, especially after years of underinvestment.

Upgrading the energy system will not be easy. Dozens of competing companies that operate a vast web of oil and gas wells and pumping stations, transmission lines and power plants will need coaxing to make their operations more resilient to weather and criminal attacks. Considerable funding will have to come from business and government, as well as research to keep ahead of the cybercriminals. President Biden’s $2 trillion infrastructure plan devotes $100 billion to the transmission grid.

The quest for energy independence has never been a straight line, and there have been many unfortunate twists. Reliance on Middle East oil was a major consideration in military action and diplomatic strategy, including alliances with countries like Saudi Arabia with disturbing human rights records. A half-century ago, the country shifted from burning heating oil to relying more heavily on coal, which contributed to climate change.

But the search for energy independence also led to innovation. Fracking — the hydraulic fracturing of shale oil and natural gas deposits — not only slashed energy imports but also made the United States a major exporter. Suddenly oil and gas were not a national security vulnerability but a tool to further American interests.

nearly half of the transportation fuel needs of the region.

When hurricanes hit, and refineries on the Gulf shut down, gasoline and diesel prices tend to rise along the East Coast. Normally, that is not a huge problem because companies store lots of fuel close to where it is used and trucks and barges can usually make up the difference. This time, however, uncertainty about how long it would take to restore supplies made the Colonial Pipeline’s shutdown much more disruptive.

The ransomware attack was the work of DarkSide, an extortionist ring that has been responsible for scores of attacks on companies in several countries. But it is hardly the only group that infiltrates computer systems to extort money. Others go by names like REvil, Maze and LockBit.

“The technology moves so quickly, you solve one or two or twenty possible vulnerabilities in your computer systems and the hackers find a different way to get in,” said Drue Pearce, a former deputy administrator of the federal Pipeline Hazardous Materials Safety Administration.

The criminal groups represent a threat to industries beyond energy. But experts say energy is of particular concern because it is essential to a functioning economy. The peril is no less complex than reducing the United States’ reliance on foreign oil, said Bill Richardson, a former energy secretary.

“This is a new threat that we are not prepared for,” he said.


Colonial Pipeline Now Delivering ‘Millions of Gallons’ an Hour, Owner Says

HOUSTON — The Colonial Pipeline, which delivers nearly half the transportation fuel to the Southeast and New York area, resumed full operations on Saturday, eight days after it was shut down by a ransomware attack.

It will still take days before gasoline stations around Washington, D.C., and the Southeast return to normal service, since nearly 2,000 outlets ran out of fuel and it takes time to restock.

Prices at the pump have stabilized, though. Average prices of regular gasoline in Tennessee and South Carolina, two of the hardest hit states, rose by only a penny on Saturday, according to the AAA motor club. Nationwide, gasoline prices remained stable at $3.04, eight cents higher than a week ago. Prices in the states most affected by the shutdown rose by as much as 20 cents a gallon in the last week.

“We have returned the system to normal operations, delivering millions of gallons per hour to the markets we serve,” the operator of the pipeline said on Twitter.

nearly $5 million in Bitcoin to recover its stolen data.

On Friday, DarkSide said it was shutting down because of unspecified “pressure” from the United States.


Colonial Pipeline Hack Reveals Weaknesses in US Cybersecurity

For years, government officials and industry executives have run elaborate simulations of a targeted cyberattack on the power grid or gas pipelines in the United States, imagining how the country would respond.

But when the real, this-is-not-a-drill moment arrived, it didn’t look anything like the war games.

The attacker was not a terror group or a hostile state like Russia, China or Iran, as had been assumed in the simulations. It was a criminal extortion ring. The goal was not to disrupt the economy by taking a pipeline offline but to hold corporate data for ransom.

The most visible effects — long lines of nervous motorists at gas stations — stemmed not from a government response but from a decision by the victim, Colonial Pipeline, which controls nearly half the gasoline, jet fuel and diesel flowing along the East Coast, to turn off the spigot. It did so out of concern that the malware that had infected its back-office functions could make it difficult to bill for fuel delivered along the pipeline or even spread into the pipeline’s operating system.

What happened next was a vivid example of the difference between tabletop simulations and the cascade of consequences that can follow even a relatively unsophisticated attack. The aftereffects of the episode are still playing out, but some of the lessons are already clear, and demonstrate how far the government and private industry have to go in preventing and dealing with cyberattacks and in creating rapid backup systems for when critical infrastructure goes down.

nearly $5 million in digital currency to recover its data, the company found that the process of decrypting its data and turning the pipeline back on again was agonizingly slow, meaning it will still be days before the East Coast gets back to normal.

seeks to mandate changes in cybersecurity.

And he suggested that he was willing to take steps that the Obama administration hesitated to take during the 2016 election hacks — direct action to strike back at the attackers.

“We’re also going to pursue a measure to disrupt their ability to operate,” Mr. Biden said, a line that seemed to hint that United States Cyber Command, the military’s cyberwarfare force, was being authorized to kick DarkSide off line, much as it did to another ransomware group in the fall ahead of the presidential election.

Hours later, the group’s internet sites went dark. By early Friday, DarkSide, and several other ransomware groups, including Babuk, which has hacked Washington D.C.’s police department, announced they were getting out of the game.

DarkSide alluded to disruptive action by an unspecified law enforcement agency, though it was not clear if that was the result of U.S. action or pressure from Russia ahead of Mr. Biden’s expected summit with President Vladimir V. Putin. And going quiet might simply have reflected a decision by the ransomware gang to frustrate retaliation efforts by shutting down its operations, perhaps temporarily.

The Pentagon’s Cyber Command referred questions to the National Security Council, which declined to comment.

The episode underscored the emergence of a new “blended threat,” one that may come from cybercriminals, but is often tolerated, and sometimes encouraged, by a nation that sees the attacks as serving its interests. That is why Mr. Biden singled out Russia — not as the culprit, but as the nation that harbors more ransomware groups than any other country.

“We do not believe the Russian government was involved in this attack, but we do have strong reason to believe the criminals who did this attack are living in Russia,” Mr. Biden said. “We have been in direct communication with Moscow about the imperative for responsible countries to take action against these ransomware networks.”

With DarkSide’s systems down, it is unclear how Mr. Biden’s administration would retaliate further, beyond possible indictments and sanctions, which have not deterred Russian cybercriminals before. Striking back with a cyberattack also carries its own risks of escalation.

The administration also has to reckon with the fact that so much of America’s critical infrastructure is owned and operated by the private sector and remains ripe for attack.

“This attack has exposed just how poor our resilience is,” said Kiersten E. Todt, the managing director of the nonprofit Cyber Readiness Institute. “We are overthinking the threat, when we’re still not doing the bare basics to secure our critical infrastructure.”

The good news, some officials said, was that Americans got a wake-up call. Congress came face-to-face with the reality that the federal government lacks the authority to require the companies that control more than 80 percent of the nation’s critical infrastructure to adopt minimal levels of cybersecurity.

The bad news, they said, was that American adversaries — not only superpowers but terrorists and cybercriminals — learned just how little it takes to incite chaos across a large part of the country, even if they do not break into the core of the electric grid, or the operational control systems that move gasoline, water and propane around the country.

Something as basic as a well-designed ransomware attack may easily do the trick, while offering plausible deniability to states like Russia, China and Iran that often tap outsiders for sensitive cyberoperations.

It remains a mystery how DarkSide first broke into Colonial’s business network. The privately held company has said virtually nothing about how the attack unfolded, at least in public. It waited four days before having any substantive discussions with the administration, an eternity during a cyberattack.

Cybersecurity experts also note that Colonial Pipeline would never have had to shut down its pipeline if it had more confidence in the separation between its business network and pipeline operations.

“There should absolutely be separation between data management and the actual operational technology,” Ms. Todt said. “Not doing the basics is frankly inexcusable for a company that carries 45 percent of gas to the East Coast.”

Other pipeline operators in the United States deploy advanced firewalls between their data and their operations that allow data to flow in only one direction, out of the pipeline, and would prevent a ransomware attack from spreading in.

Colonial Pipeline has not said whether it deployed that level of security on its pipeline. According to industry analysts, many critical infrastructure operators say installing such unidirectional gateways along a 5,500-mile pipeline can be complicated or prohibitively expensive. Others say the cost of deploying those safeguards is still lower than the losses from potential downtime.

Deterring ransomware criminals, which have been growing in number and brazenness over the past few years, will certainly be more difficult than deterring nations. But this week made the urgency clear.

“It’s all fun and games when we are stealing each other’s money,” Sue Gordon, a former principal deputy director of national intelligence and a longtime C.I.A. analyst with a specialty in cyberissues, said at a conference held by The Cipher Brief, an online intelligence newsletter. “When we are messing with a society’s ability to operate, we can’t tolerate it.”


DarkSide, Blamed for Colonial Pipeline Attack, Says It Is Shutting Down

Since the DarkSide account was opened in March, Elliptic said, it had received $17.5 million from 21 Bitcoin wallets, indicating the number of ransoms it had collected just this spring. Cybersecurity analysts assess that the group has been active since at least August, and has most likely used a number of different Bitcoin wallets to receive ransoms.

The intense scrutiny that followed the Colonial Pipeline attack has clearly unsettled ransomware groups. This week, the operators behind two major Russian-language ransomware platforms, REvil and Avaddon, announced strict new rules governing the use of their products, including bans on targeting government-affiliated entities, hospitals or educational institutions.

The administrator of XSS, a popular Russian-language cybercrime forum, announced an immediate ban on all ransomware activity on the forum, citing, among other things, the bad press associated with the industry. In a statement posted in the forum, the administrator called the attention a “critical mass of harm, nonsense, hype and noise,” saying even the spokesman for President Vladimir V. Putin of Russia had weighed in on the Colonial Pipeline attack. (The spokesman, Dmitri S. Peskov, denied that the Kremlin had been involved in the attack on the pipeline.)

“The word ransom has become associated with a whole series of unpleasant things — geopolitics, blackmail, government cyberattacks,” the XSS administrator wrote. “This word has become dangerous and toxic.”

Even if DarkSide has shut down, the threat from ransomware has not passed. Cybercriminal networks often disband, regroup and rebrand themselves in an effort to throw off law enforcement, cybersecurity experts say.

“It’s likely that these ransomware operators are trying to retreat from the spotlight more than suddenly discovering the error of their ways,” said Mark Arena, Intel 471’s chief executive. “A number of the operators will most likely continue to operate in their own close-knit groups, resurfacing under different aliases and ransomware names.”

Indeed, DarkSide gave no indication that its members were getting out of the ransomware business or even letting victims currently infected with the group’s malware off the hook. In its statement, DarkSide said it would hand over its decryption tools to affiliates, giving these intermediaries, who were responsible for infecting computer systems with the group’s malicious software, the ability to negotiate ransoms with victims directly.

“You will be given decryption tools for all the companies that haven’t paid yet,” the statement read. “After that, you will be free to communicate with them wherever you want in any way you want.”

Julian Barnes contributed reporting.


Colonial Pipeline Paid Roughly $5 Million in Ransom to Hackers

In a separate ransomware attack on the Washington, D.C., Metropolitan Police Department, hackers said the price the police offered to pay was “too small” and dumped 250 gigabytes of the department’s data online this week, including databases that track gang members.

In his remarks on Thursday, Mr. Biden seized on the Colonial Pipeline hack as further proof that the United States needed to improve its critical infrastructure, and he urged lawmakers to back his $2.3 trillion proposal to rebuild roads, bridges, pipelines and other projects.

Republicans have balked at the size of Mr. Biden’s proposals, accusing the president of wanting to raise taxes to pay for things that they do not consider infrastructure, like programs for home health aides. Mr. Biden has proposed to increase taxes on wealthy people and corporations to pay for his spending, but has said he is open to other ideas.

“I’m willing to negotiate, as I indicated yesterday to the House members and to the leadership,” Mr. Biden said. “But it’s clearer than ever that doing nothing is not an option.”

Gasoline prices rose by roughly 3 cents in South Carolina and Georgia from Wednesday to Thursday, about half the amount of the increases of the previous few days. But prices in Tennessee, which depends on an offshoot of the pipeline, rose by 6 cents, to $2.87 for a gallon of regular. Nationwide, the average price for a gallon of regular increased by 2 cents, to $3.03, according to the AAA auto club.

Gasoline supplies vary from state to state along the pipeline, in part because some places have more storage than others. In New Jersey, only 1 percent of gasoline stations lacked fuel early Thursday morning, while more than half of the stations in Virginia, North Carolina and South Carolina were out of fuel, according to GasBuddy, an app that monitors fuel supplies. Friday is traditionally the biggest day for gasoline sales.

It is likely to take at least through the weekend for supply at all gasoline stations to return to normal functioning because it takes time for fuel to pass through the pipeline.


Colonial Pipeline reports ‘substantial progress’ in restoring the flow of fuel.

Gasoline prices continued to rise across the Southeast on Thursday, but at a slower pace generally than in recent days, as the operator of Colonial Pipeline said it had made “substantial progress” in resuming the delivery of fuel along the East Coast.

“Product delivery has commenced to all markets we serve,” the pipeline’s operator said Thursday afternoon. “It will take several days for the product delivery supply chain to return to normal. Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions.”

The pipeline, which stretches from Texas to New Jersey and delivers nearly half of the transport fuels for the Atlantic Coast, was shut down because of a ransomware cyberattack on Friday. Operations have gathered momentum since the pipeline partially restarted late Wednesday.

Gasoline prices rose by roughly 3 cents in South Carolina and Georgia from Wednesday to Thursday, about half the amount of the increases of the previous few days. But prices in Tennessee, which depends on an offshoot of the pipeline, rose by 6 cents, to $2.87 for a gallon of regular. Nationwide, the average price for a gallon of regular increased by 2 cents to $3.03, according to the AAA auto club.

Gasoline supplies vary from state to state along the pipeline, in part because some places have more storage than others. In New Jersey, only 1 percent of gasoline stations lacked fuel early Thursday morning, while more than half of the stations in Virginia, North Carolina and South Carolina were out of fuel, according to GasBuddy, an app that monitors fuel supplies.

It is likely to take at least through the weekend for supply at all gasoline stations to return to normal functioning, because it takes time for fuel to pass through the pipeline.

President Biden, speaking on national television, urged motorists not to panic.

“They should be reaching full operational capacity as we speak, as I speak to you right now,” Mr. Biden said at the White House. “That is good news. But we want to be clear, we will not feel the effects at the pump immediately. This is not like flicking on a light switch.”

An internal assessment by the Departments of Energy and Homeland Security noted that the fuel “travels through the pipeline at 5 miles per hour” and would take “approximately two weeks to travel from the Gulf Coast to New York.” Supplemental supplies transported in tanker trucks and tanker vessels connecting the Gulf and Atlantic coasts also can take up to a week or more.

The Biden administration has temporarily eased the Jones Act, which prohibits foreign vessels from delivering goods from one domestic port to another. The administration said Thursday that a waiver had been granted to one company and that it would consider other waiver requests.

“This waiver will enable the transport of additional gas and jet fuel to ease supply constraints,” Jen Psaki, the White House press secretary, said in a statement. The Jones Act, which is over a century old and is designed to protect American shipping, is usually waived to compensate for supply interruptions during hurricanes.

Panic buying contributed to the fuel shortages. At some stations, people were filling up gasoline cans, forcing others to wait longer and causing shouting matches.

Friday is traditionally the biggest day for gasoline sales. But energy analysts were optimistic that the crisis would soon pass.

“The restart of the pipeline is very positive news for motorists,” said Jeanette McGee, the director for external communications for AAA. “While impact won’t be seen immediately and motorists in affected areas can expect to see a few more days of limited fuel supply, relief is coming.”

She said station pumps will be full in “several days,” ahead of the Memorial Day weekend, a heavy driving time.

The Federal Bureau of Investigation has identified an organized crime group called DarkSide as the attacker. The group is believed to operate from Eastern Europe, possibly Russia. While the attack was not on the pipeline itself, Colonial shut down both its information systems and the pipeline until it was sure it could safely manage the flow of fuel.

David E. Sanger and Michael D. Shear contributed reporting.


Biden Signs Executive Order to Bolster Federal Government’s Cybersecurity

WASHINGTON — As the East Coast suffered from the effects of a ransomware attack on a major petroleum pipeline, President Biden signed an executive order on Wednesday that placed strict new standards on the cybersecurity of any software sold to the federal government.

The move is part of a broad effort to strengthen the United States’ defenses by encouraging private companies to practice better cybersecurity or risk being locked out of federal contracts. But the bigger effect may arise from what could, over time, become akin to a government rating of the security of software products, much the way automobiles get a safety rating or restaurants in New York get a health safety grade.

The order comes amid a wave of new cyberattacks, more sophisticated and far-reaching than ever before. Over the past year, roughly 2,400 ransomware attacks have hit corporate, local and federal offices in extortion plots that lock up victims’ data — or publish it — unless they pay a ransom.

The most urgent fear is an attack on critical infrastructure, a point made clear this week to Americans, who were panic-buying gasoline. A ransomware attack on Colonial Pipeline’s information systems forced the company to shut down a critical pipeline that supplies 45 percent of the East Coast’s gasoline, diesel and jet fuel for several days.

SolarWinds hack, in which Russia’s premier intelligence agency altered the computer code of an American company’s network management software. It gave Russia broad access to 18,000 agencies, organizations and companies, mostly in the United States.

The new order also requires all federal agencies to encrypt data, whether it is in storage or while it is being transmitted — two very different challenges. When China stole 21.5 million files about federal employees and contractors holding security clearances, none of the files were encrypted, meaning they could be easily read. (Chinese hackers, investigators later concluded, encrypted the files themselves — to avoid being detected as they sent the sensitive records back to Beijing.)

Previous efforts to mandate minimum standards on software have failed to get through Congress, notably in a major showdown nine years ago. Small businesses have said the changes are not affordable, and larger ones have opposed an intrusive role of the federal government inside their systems.

But Mr. Biden decided it was more important to move quickly than to try to fight for broader mandates on Capitol Hill. His aides said it was a first step, and industry officials said it was bolder than they expected.

Amit Yoran, the chief executive of Tenable and a former cybersecurity official in the Department of Homeland Security, said the question on everyone’s mind was whether Mr. Biden’s order would stop the next Colonial or SolarWinds attacks.

“No one policy, government initiative or technology can do that,” Mr. Yoran said. “But this is a great start.”

Government officials have complained that Colonial had poor defenses, and while it established a hard shell around its computer networks, it had no way of monitoring an adversary who got inside. The Biden administration hopes the standards set out in the executive order, requiring multifactor authentication and other safeguards, will become widespread and improve security globally.

Senator Mark Warner, Democrat of Virginia and the chairman of the Senate Intelligence Committee, praised the order but said it would need to be followed by congressional action.

Mr. Warner said recent attacks “have highlighted what has become increasingly obvious in recent years: that the United States is simply not prepared to fend off state-sponsored or even criminal hackers intent on compromising our systems for profit or espionage.”

The new order is the first major public part of a multilayered review of defensive, offensive and legal strategies to take on adversaries around the world. This executive order, however, focuses entirely on deepening defenses, in hopes of deterring attackers because they fear they would fail — or run a higher risk of being detected.

The Justice Department is ramping up a new task force to take on ransomware, after the discovery in recent months that such attacks are more than just extortion: they can bring down sectors of the economy.

Mr. Biden announced sanctions against Russia for the SolarWinds hack, and his national security adviser, Jake Sullivan, has said there will also be “unseen” consequences. So far, the United States has not taken similar action against China’s government for its presumed involvement in another attack, exploiting holes in a Microsoft system used by large companies around the world.

The executive order was first drafted in February in response to the SolarWinds intrusion. That attack was especially sophisticated because hackers working for the Russian government managed to change code under development by the company, which unsuspectingly distributed the malware in an update to its software packages. It was discovered during Mr. Biden’s transition and led him to declare he could not trust the integrity of federal computer systems.

The review board created under the executive order will be co-led by the secretary of homeland security and a private-sector official, based on the specific episode it is investigating at the time, in an effort to win over industry executives who fear the investigations could be fodder for lawsuits.

Because it was created by an executive order, not an act of Congress, the new board will not have the same broad powers as a safety board. But officials are still hopeful it will be valuable in learning of vulnerabilities, improving security practices and urging companies to invest more in improving their networks.

Much of the executive order is focused on information sharing and transparency. It aims to speed up how quickly companies that have been victimized by a hack, or that discover vulnerabilities, share that information with the Cybersecurity and Infrastructure Security Agency.


Colonial Pipeline Resumes Operation: Latest News on the Shutdown

The operator of Colonial Pipeline said on Wednesday that it had started to resume pipeline operations.

“It will take several days for the product delivery supply chain to return to normal,” the company said on its website. “Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the start-up period.”

The pipeline, which stretches from Texas to New Jersey, had been shut down since Friday after a ransomware attack.

Over the last few days, Colonial has opened segments of the pipeline manually to relieve some supply pressures in a few states, including Maryland and New Jersey. But anxiety has persisted despite the assertions of industry analysts that the impact of the shutdown would remain relatively minor as long as the artery was fully restored soon.

Gasoline in Georgia and a few other states rose 8 to 10 cents a gallon on Wednesday, a price jump typically seen only when hurricanes interrupt Gulf of Mexico refinery and pipeline operations.
