arrested its founder. Two years later, Chinese police announced that they would start enforcing laws banning the “unauthorized disclosure” of vulnerabilities. That same year, Chinese hackers, who were a regular presence at big Western hacking conventions, stopped showing up, on state orders.

“If they continue to maintain this level of access, with the control that they have, their intelligence community is going to benefit,” Mr. Kurtz said of China. “It’s an arms race in cyber.”

For China’s Business Elites, Staying Out of Politics Is No Longer an Option

Internet infrastructure operators like Didi must now prove their political and legal legitimacy to the government, Ma Changbo, an online media start-up founder, wrote on his WeChat social media account.

“This is the second half of the U.S.-China decoupling,” he wrote. “In the capital market, the model of playing both sides of the fence is coming to an end.”

Didi, Ms. Liu and Mr. Liu didn’t immediately respond to requests for comment.

China’s internet companies have benefited from the best of two worlds since the 1990s. Many received foreign venture funding — Alibaba, the e-commerce giant, was funded by Yahoo and SoftBank, while Tencent, another internet titan, was backed by South Africa’s Naspers. They also copied their business models from Silicon Valley companies.

The Chinese companies gained further advantages when Beijing blocked almost all big American internet companies from its domestic market, giving its home players plenty of room to grow. Many Chinese internet firms later went public in New York, where investors have a bigger appetite for innovative and risky start-ups than in Shanghai or Hong Kong. So far this year, more than 35 Chinese companies have gone public in the United States.

Now the Didi crackdown is changing the calculations for many in China’s tech industry. One entrepreneur who has set her sights on a listing in New York for her enterprise software start-up said it would be harder to go public in Hong Kong with a high valuation because what her company did — software as a service — was a relatively new idea in China.

A venture capitalist in Beijing added that because of China’s data security requirements, it was now unlikely that start-ups in artificial intelligence and software as a service would consider going public in New York. Few people were willing to speak on the record for fear of retaliation by Beijing.

At the same time, the United States has become more hostile to Chinese tech companies and investors. As Washington has ramped up its scrutiny of deals that involve sensitive technologies, it has become almost impossible for Chinese venture firms to invest in Silicon Valley start-ups, several investors said.

Secret Chats Show How Cybergang Became a Ransomware Powerhouse

MOSCOW — Just weeks before the ransomware gang known as DarkSide attacked the owner of a major American pipeline, disrupting gasoline and jet fuel deliveries up and down the East Coast of the United States, the group was turning the screws on a small, family-owned publisher based in the American Midwest.

Working with a hacker who went by the name of Woris, DarkSide launched a series of attacks meant to shut down the websites of the publisher, which works mainly with clients in primary school education, if it refused to meet a $1.75 million ransom demand. It even threatened to contact the company’s clients to falsely warn them that it had obtained information the gang said could be used by pedophiles to make fake identification cards that would allow them to enter schools.

Woris thought this last ploy was a particularly nice touch.

“I laughed to the depth of my soul about the leaked IDs possibly being used by pedophiles to enter the school,” he said in Russian in a secret chat with DarkSide obtained by The New York Times. “I didn’t think it would scare them that much.”

released a statement a week earlier saying it was shutting down. A customer support employee responded almost immediately to a chat request sent from Woris’s account by the Times reporter. But when the reporter identified himself as a journalist the account was immediately blocked.

Megyn Kelly pressed him in a 2018 interview on why Russia was not arresting hackers believed to have interfered in the American election, he shot back that there was nothing to arrest them for.

“If they did not break Russian law, there is nothing to prosecute them for in Russia,” Mr. Putin said. “You must finally realize that people in Russia live by Russian laws, not by American ones.”

After the Colonial attack, President Biden said that intelligence officials had evidence the hackers were from Russia, but that they had yet to find any links to the government.

“So far there is no evidence based on, from our intelligence people, that Russia is involved, though there is evidence that the actors, ransomware, is in Russia,” he said, adding that the Russian authorities “have some responsibility to deal with this.”

This month, DarkSide’s support staff scrambled to respond to parts of the system being shut down, which the group attributed, without evidence, to pressure from the United States. In a posting on May 8, the day after the Colonial attack became public, the DarkSide staff appeared to be hoping for some sympathy from their affiliates.

“There is now the option to leave a tip for Support under ‘payments,’” the posting said. “It’s optional, but Support would be happy :).”

Days after the F.B.I. publicly identified DarkSide as the culprit, Woris, who had yet to extract payment from the publishing company, reached out to customer service, apparently concerned.

“Hi, how’s it going,” he wrote. “They hit you hard.”

It was the last communication Woris had with DarkSide.

Days later, a message popped up on the dashboard saying the group was not exactly shutting down, as it had said it would, but selling its infrastructure so other hackers could carry on the lucrative ransomware business.

“The price is negotiable,” DarkSide wrote. “By fully launching an analogous partnership program it’s possible to make profits of $5 million a month.”

Oleg Matsnev contributed reporting.

WhatsApp Sues India’s Government to Stop New Internet Rules

SAN FRANCISCO — WhatsApp sued the Indian government on Wednesday to stop what it said were oppressive new internet rules that would require it to make people’s messages “traceable” to outside parties for the first time.

The lawsuit, filed by WhatsApp in the Delhi High Court, seeks to block the enforceability of the rules that were handed down by the government this year. WhatsApp, a service owned by Facebook that sends encrypted messages, claimed in its suit that the rules, which were set to go into effect on Wednesday, were unconstitutional.

Suing India’s government is a highly unusual step by WhatsApp, which has rarely engaged with national governments in court. But the service said that making its messages traceable “would severely undermine the privacy of billions of people who communicate digitally” and effectively impair its security.

“Civil society and technical experts around the world have consistently argued that a requirement to ‘trace’ private messages would break end-to-end encryption and lead to real abuse,” a WhatsApp spokesman said. “WhatsApp is committed to protecting the privacy of people’s personal messages and we will continue to do all we can within the laws of India to do so.”

a broadening battle between the biggest tech companies and governments around the world over which of them has the upper hand. Australia and the European Union have drafted or passed laws to limit the power of Google, Facebook and other companies over online speech, while other countries are trying to rein in the companies’ services to stifle dissent and squash protests. China has recently warned some of its biggest internet companies against engaging in anticompetitive practices.

In India, Prime Minister Narendra Modi and his ruling Bharatiya Janata Party have worked for several years to corral the power of the tech companies and more strictly police what is said online. In 2019, the government proposed giving itself vast new powers to suppress internet content, igniting a heated battle with the companies.

The rules that WhatsApp is objecting to were proposed in February by Ravi Shankar Prasad, India’s law and information technology minister. Under the rules, the government could require tech companies to take down social media posts it deemed unlawful. WhatsApp, Signal and other messaging companies would also be required to create “traceable” databases of all messages sent using the service, while attaching identifiable “fingerprints” to private messages sent between users.

WhatsApp has long maintained that it does not have insight into user data and has said it does not store messages sent between users. That is because the service is end-to-end encrypted, which allows for two or more users to communicate securely and privately without allowing others to access the messages.

More than a billion people rely on WhatsApp to communicate with friends, family and businesses around the world. Many users are in India.

ordered to take down dozens of social media posts that were critical of Mr. Modi’s government and its response to the coronavirus pandemic, which has ravaged the country. Government officials said the posts should be removed because they could incite panic and could hinder its response to the pandemic.

The social media companies complied with many of the requests by making the posts invisible inside India, though they were still visible to people outside the country. In the past, Twitter and Facebook have reposted some content after determining that it didn’t break the law.

Tensions between tech companies and the Indian government escalated this week when the police descended on the New Delhi offices of Twitter to contest labels affixed to certain tweets from senior members of the government. While Twitter’s offices were empty, the visit symbolized the mounting pressure on social media companies to rein in speech seen as critical of the ruling party.

Facebook and WhatsApp have long maintained working relationships with the authorities in dozens of countries, including India. Typically, WhatsApp has said it will respond to lawful requests for information and has a team that assists law enforcement officials with emergencies involving imminent harm.

Only rarely has WhatsApp pushed back. The service has been shut down many times in Brazil after the company resisted requests for user data from the government. And it has skirmished with U.S. officials who have sought to install “back doors” in encrypted messaging services to monitor for criminal activity.

But WhatsApp argued that even if it tried enacting India’s new “traceability” rules, the technology would not work. Such a practice is “ineffective and highly susceptible to abuse,” the company said.

Other technology firms and digital rights groups like Mozilla and the Electronic Frontier Foundation said this week that they supported WhatsApp’s fight against “traceability.”

“The threat that anything someone writes can be traced back to them takes away people’s privacy and would have a chilling effect on what people say even in private settings, violating universally recognized principles of free expression and human rights,” WhatsApp said.

Irish Hospitals Are Latest to Be Hit by Ransomware Attacks

A cyberattack on Ireland’s health system has paralyzed the country’s health services for a week, cutting off access to patient records, delaying Covid-19 testing, and forcing cancellations of medical appointments.

Using ransomware, which is malware that encrypts a victim’s data until they pay a ransom, the people behind the attack have been holding hostage the data at Ireland’s publicly funded health care system, the Health Service Executive. The attack forced the H.S.E. to shut down its entire information technology system.

In a media briefing on Thursday, Paul Reid, chief executive of the H.S.E., said the attack was “stomach churning.”

Caroline Kohn, a spokeswoman for a group of hospitals in the eastern part of the country, said the hospitals were forced to keep all of their records on paper. “We’re back to the 1970s,” she said.

upended the lives of cancer patients whose chemotherapy treatments had to be delayed or recreated from memory.

The attacks come on top of a similar ransomware attack on Colonial Pipeline, the American pipeline operation that supplies nearly half the gas, diesel and jet fuel to the East Coast. That attack prompted Colonial Pipeline to shut down its pipeline operations, triggering panic buying at the pump and gas and jet fuel shortages along the East Coast. Colonial Pipeline agreed to pay its extortionists, a different cybercriminal gang called DarkSide, nearly $5 million to decrypt its data.

The attack in Ireland has caused backlogs inside emergency rooms from Dublin to Galway, and patients have been urged to stay away from hospitals unless they require urgent care.

In many Irish counties, appointments have been canceled for radiation treatments, MRIs, gynecological visits, endoscopies and other health services. Health authorities said the attack was also causing delays in Covid-19 test results, but a vaccine appointment system was still working.

Irish health officials said Thursday that H.S.E. was working to build a new network, separate from the one that has been affected. Hundreds of experts have been recruited to rebuild 2,000 distinct systems. The effort is likely to cost tens of millions of euros, Mr. Reid said.

The H.S.E. said Thursday that it had been provided with a key that could decrypt the data being held for ransom, but it was unclear if it would work.

a separate legal fight by Microsoft — to take down a major botnet, a network of infected computers, called Trickbot, that served as a major conduit for ransomware.

In the weeks that followed those efforts, cybercriminals said they planned to attack more than 400 hospitals. The threat caused the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to warn health care operators to improve their protection from ransomware.

Ransomware groups continue to operate with relative immunity in Russia, where government officials rarely prosecute cybercriminals and refuse to extradite them. In response to the Colonial Pipeline episode last week, President Biden said Russia bore some responsibility for ransomware attacks because cybercriminals operate within its borders.

Adam Meyers, vice president of intelligence at CrowdStrike, the cybersecurity firm, said members of Wizard Spider, the group responsible for the attack on Ireland’s health systems, spoke Russian and researchers “have high confidence that they are Eastern European, likely Russian.”

Last month, the data of a school district in Florida was held hostage by Wizard Spider. Broward County Public Schools, the sixth largest school district in the United States, was hacked by cybercriminals who demanded $40 million in cryptocurrency. The criminals encrypted data and posted thousands of the schools’ information online after officials declined to pay.

Last December, the chip maker Advantech was also hit by Wizard Spider. Its data was posted to the so-called dark web after it refused to pay.

Some cyber insurance companies have covered the costs of ransom payments, calculating that the ransom payments are still cheaper than the cost of rebuilding systems and data from scratch. Regulators have started to pressure insurance companies out of paying ransom demands, arguing that they are only fueling more ransomware attacks and emboldening cybercriminals to make more lucrative demands.

AXA, the French insurance giant, said last week that it would no longer cover ransom payments. Within days of its announcement, AXA was hit with a ransomware attack that paralyzed information technology operations in Thailand, Malaysia, Hong Kong and the Philippines.

“This is just business as usual,” John Dickson, a cybersecurity expert at the San Antonio-based Denim Group, said in an interview Thursday. “These attacks should come as no surprise to anyone who has been paying attention.”

Apple’s Compromises in China: 5 Takeaways

Apple has created an internal bureaucracy that rejects or removes apps the company believes could run afoul of Chinese rules. Apple trains its app reviewers and uses special software to inspect apps for any mention of topics Apple has deemed off limits in China, including Tiananmen Square, the Chinese spiritual movement Falun Gong, the Dalai Lama, and independence for Tibet and Taiwan.

Apple said it removes apps in China to comply with local laws.

In 2018, China’s internet regulators ordered Apple to reject an app from Guo Wengui, a Chinese billionaire who had broadcast claims of corruption inside the Communist Party. Top Apple executives then decided to add Mr. Guo to Apple’s “China sensitivities list,” which meant software would scan apps for mention of him and app reviewers would be trained to reject his apps, according to court documents.

When an app by Mr. Guo later slipped by Apple’s defenses and was published to the App Store, Chinese officials contacted Apple wanting answers. Apple’s app review chief then sent colleagues an email at 2:32 a.m. that said, “This app and any Guo Wengui app cannot be on the China store.” Apple investigated the incident and later fired the app reviewer who had approved the app.

Apple said that it had fired the app reviewer for poor performance and that it had removed Mr. Guo’s app in China because it had determined it was illegal there.

Since 2017, roughly 55,000 active apps have disappeared from Apple’s App Store in China, with most remaining available in other countries, according to a Times analysis.

More than 35,000 of those apps were games, which in China must get approval from regulators. The remaining 20,000 cut across a wide range of categories, including foreign news outlets, gay dating services and encrypted messaging apps. Apple also blocked tools for organizing pro-democracy protests and skirting internet restrictions, as well as apps about the Dalai Lama.

Apple disputed The Times’s figures, saying that some developers removed their own apps from China.

Censorship, Surveillance and Profits: A Hard Bargain for Apple in China

On Chinese iPhones, Apple forbids apps about the Dalai Lama while hosting those from the Chinese paramilitary group accused of detaining and abusing Uyghurs, an ethnic minority group in China.

The company has also helped China spread its view of the world. Chinese iPhones censor the emoji of the Taiwanese flag, and their maps suggest Taiwan is part of China. For a time, simply typing the word “Taiwan” could make an iPhone crash, according to Patrick Wardle, a former hacker at the National Security Agency.

Sometimes, Mr. Shoemaker said, he was awakened in the middle of the night with demands from the Chinese government to remove an app. If the app appeared to mention the banned topics, he would remove it, but he would send more complicated cases to senior executives, including Mr. Cue and Mr. Schiller.

Apple resisted an order from the Chinese government in 2012 to remove The Times’s apps. But five years later, it ultimately did. Mr. Cook approved the decision, according to two people with knowledge of the matter who spoke on the condition of anonymity.

Apple recently began disclosing how often governments demand that it remove apps. In the two years ending June 2020, the most recent data available, Apple said it approved 91 percent of the Chinese government’s app-takedown requests, removing 1,217 apps.

In every other country combined over that period, Apple approved 40 percent of requests, removing 253 apps. Apple said that most of the apps it removed for the Chinese government were related to gambling or pornography or were operating without a government license, such as loan services and livestreaming apps.

Yet a Times analysis of Chinese app data suggests those disclosures represent a fraction of the apps that Apple has blocked in China. Since 2017, roughly 55,000 active apps have disappeared from Apple’s App Store in China, according to a Times analysis of data compiled by Sensor Tower, an app data firm. Most of those apps have remained available in other countries.

A Phishing Test Promised Workers a Covid Bonus. Now They Want an Apology.

A report released this week by Britain’s National Cyber Security Centre showed a 15-fold increase in the number of scams removed from the internet, and said the agency had taken more fraudulent sites offline in the past year than in the previous three years combined.

In the first quarter of this year, according to government statistics, almost 40 percent of businesses in Britain reported digital breaches or attacks, with an average cost for medium to large firms of around 13,400 pounds, or $18,800. And the cost of a serious breach can be far more daunting: One study conducted last year by the Ponemon Institute for IBM Security, which interviewed 524 organizations across 17 countries, found that data breaches in 2020 cost an organization on average $3.86 million.

Phishing has also been used by scammers attempting to swindle grandparents out of their savings, by intelligence agencies to gain information and diplomatic leverage, and by IT departments to see if employees are paying attention.

“A sufficiently well-designed phishing email will get clicked on 100 percent of the time,” said Steven J. Murdoch, a professor of security engineering at University College London, adding all companies were vulnerable to phishing.

But testing employees with fake emails about bonuses was “entrapment,” he said, adding that it risked harming the relationship between companies and employees, which was crucial for security. Some attacks, as an example, come from disgruntled employees, he said. “People responsible for fire safety don’t set fire to the building,” he said of the tests.

Rather than discouraging employees from clicking on any link, he said, more effective strategies could include blocking phishing emails, installing software to protect against ransomware, and addressing use of passwords.

Alienating employees also meant they could be less likely to report suspicious activity to their company departments, a crucial method of stopping attacks from becoming more serious, said Jessica Barker, a co-founder of Cygenta, a cybersecurity company.

Biden Signs Executive Order to Bolster Federal Government’s Cybersecurity

WASHINGTON — As the East Coast suffered from the effects of a ransomware attack on a major petroleum pipeline, President Biden signed an executive order on Wednesday that placed strict new standards on the cybersecurity of any software sold to the federal government.

The move is part of a broad effort to strengthen the United States’ defenses by encouraging private companies to practice better cybersecurity or risk being locked out of federal contracts. But the bigger effect may arise from what could, over time, become akin to a government rating of the security of software products, much the way automobiles get a safety rating or restaurants in New York get a health safety grade.

The order comes amid a wave of new cyberattacks, more sophisticated and far-reaching than ever before. Over the past year, roughly 2,400 ransomware attacks have hit corporate, local and federal offices in extortion plots that lock up victims’ data — or publish it — unless they pay a ransom.

The most urgent fear is an attack on critical infrastructure, a point made clear this week to Americans, who were panic-buying gasoline. A ransomware attack on Colonial Pipeline’s information systems forced the company to shut down a critical pipeline that supplies 45 percent of the East Coast’s gasoline, diesel and jet fuel for several days.

SolarWinds hack, in which Russia’s premier intelligence agency altered the computer code of an American company’s network management software. It gave Russia broad access to 18,000 agencies, organizations and companies, mostly in the United States.

The new order also requires all federal agencies to encrypt data, whether it is in storage or while it is being transmitted — two very different challenges. When China stole 21.5 million files about federal employees and contractors holding security clearances, none of the files were encrypted, meaning they could be easily read. (Chinese hackers, investigators later concluded, encrypted the files themselves — to avoid being detected as they sent the sensitive records back to Beijing.)

Previous efforts to mandate minimum standards on software have failed to get through Congress, notably in a major showdown nine years ago. Small businesses have said the changes are not affordable, and larger ones have opposed an intrusive role of the federal government inside their systems.

But Mr. Biden decided it was more important to move quickly than to try to fight for broader mandates on Capitol Hill. His aides said it was a first step, and industry officials said it was bolder than they expected.

Amit Yoran, the chief executive of Tenable and a former cybersecurity official in the Department of Homeland Security, said the question on everyone’s mind was whether Mr. Biden’s order would stop the next Colonial or SolarWinds attacks.

“No one policy, government initiative or technology can do that,” Mr. Yoran said. “But this is a great start.”

Government officials have complained that Colonial had poor defenses, and while it established a hard shell around its computer networks, it had no way of monitoring an adversary who got inside. The Biden administration hopes the standards set out in the executive order, requiring multifactor authentication and other safeguards, will become widespread and improve security globally.

Senator Mark Warner, Democrat of Virginia and the chairman of the Senate Intelligence Committee, praised the order but said it would need to be followed by congressional action.

Mr. Warner said recent attacks “have highlighted what has become increasingly obvious in recent years: that the United States is simply not prepared to fend off state-sponsored or even criminal hackers intent on compromising our systems for profit or espionage.”

The new order is the first major public part of a multilayered review of defensive, offensive and legal strategies to take on adversaries around the world. This executive order, however, focuses entirely on deepening defenses, in hopes of deterring attackers because they fear they would fail — or run a higher risk of being detected.

The Justice Department is ramping up a new task force to take on ransomware, after the discovery in recent months that such attacks are more than just extortion; they can bring down sectors of the economy.

Mr. Biden announced sanctions against Russia for the SolarWinds hack, and his national security adviser, Jake Sullivan, has said there will also be “unseen” consequences. So far, the United States has not taken similar action against China’s government for its presumed involvement in another attack, exploiting holes in a Microsoft system used by large companies around the world.

The executive order was first drafted in February in response to the SolarWinds intrusion. That attack was especially sophisticated because hackers working for the Russian government managed to change code under development by the company, which unsuspectingly distributed the malware in an update to its software packages. It was discovered during Mr. Biden’s transition and led him to declare he could not trust the integrity of federal computer systems.

The review board created under the executive order will be co-led by the secretary of homeland security and a private-sector official, based on the specific episode it is investigating at the time, in an effort to win over industry executives who fear the investigations could be fodder for lawsuits.

Because it was created by an executive order, not an act of Congress, the new board will not have the same broad powers as a safety board. But officials are still hopeful it will be valuable in learning of vulnerabilities, improving security practices and urging companies to invest more in improving their networks.

Much of the executive order is focused on information sharing and transparency. It aims to speed the time companies that have been victimized by a hack or discover vulnerabilities share that information with the Cybersecurity and Infrastructure Security Agency.

Colonial Pipeline: A Vital Artery for Fuel

HOUSTON — The operator of a vital fuel pipeline stretching from Texas to New Jersey, shut down for days after a ransomware attack, said Monday that it hoped to restore most operations by the end of the week.

Federal investigators said the attackers aimed at poorly protected corporate data rather than directly taking control of the pipeline, which carries nearly one-half of the motor and aviation fuels consumed in the Northeast and much of the South.

The operator, Colonial Pipeline, stopped shipments apparently as a precaution to prevent the hackers from doing anything further, like turning off or damaging the system itself in the event they had stolen highly sensitive information from corporate computers.

Colonial said it was reviving service of segments of the pipeline “in a stepwise fashion” in consultation with the Energy Department. It said the goal of its plan was “substantially restoring operational service by the end of the week.” The company cautioned, however, that “this situation remains fluid and continues to evolve.”

Federal Bureau of Investigation said was carried out by an organized crime group called DarkSide, has highlighted the vulnerability of the American energy system.

Part of that vulnerability reflects Texas’ increased role in meeting domestic demand for oil and gas over the last decade and a half, leading the Northeast to rely on an aging pipeline system to bring in fuel rather than refining imported fuel locally.

Since the pipeline shutdown, there have been no long lines at gasoline stations, and because many traders expected the interruption to be brief, the market reaction was muted. Nationwide, the price of regular gasoline climbed by only half a cent to $2.97 on Monday from Sunday, even though the company could not set a timetable for restarting the pipeline. New York State prices remained stable at $3 a gallon, according to the AAA motor club.

“Potentially it will be inconvenient,” said Ed Hirs, an energy economist at the University of Houston. “But it’s not a big deal because there is storage in the Northeast and all the big oil and gas companies can redirect seaborne cargoes of refined product when it is required.”

The Colonial Pipeline is based in Alpharetta, Ga., and is one of the largest in the United States. It can carry roughly three million gallons of fuel a day over 5,500 miles from Houston to New York. It serves most of the Southern states, and branches from the Atlantic Coast to Tennessee.

Some of the biggest oil companies, including Phillips Petroleum, Sinclair Pipeline and Continental Oil, joined to begin construction of the pipeline in 1961. It was a time of rapid growth in highway driving and long-distance air travel. Today Colonial Pipeline, which is private, is owned by Royal Dutch Shell, Koch Industries and several foreign and domestic investment firms.

It is particularly vital to the functioning of many Eastern U.S. airports, which typically hold inventories sufficient for only three to five days of operations.

There are many reasons, including regulatory restrictions on pipeline construction that go back nearly a century. There are also restrictions on the use of foreign vessels to move products between American ports, as well as on road transport of fuels.

But the main reason comes closer to home. Over the last two decades, at least six refineries have gone out of business in New Jersey, Pennsylvania and Virginia, reducing the amount of the crude oil processed into fuels in the region by more than half, from 1,549,000 to 715,000 barrels weekly.

“Those refineries just couldn’t make money,” said Tom Kloza, global head of energy analysis at Oil Price Information Service.

The reason for their decline is the “energy independence” that has been a White House goal since the Nixon administration. As shale exploration and production boomed beginning around 2005, refineries on the Gulf Coast had easy access to natural gas and oil produced in Texas.

That gave them an enormous competitive advantage over the East Coast refineries that imported oil from the Northeast or by rail from North Dakota once the shale boom there took off. As the local refineries shut their doors, the Colonial Pipeline became increasingly important as a conduit from Texas and Louisiana refineries.

The Midwest has its own pipelines from the Gulf Coast, but while the East Coast closed refineries, the Midwest has opened a few new plants and expanded others to process Canadian oil, much from the Alberta oil sands, over the last 20 years. California and the Pacific Northwest have sufficient refineries to process crude produced in California and Alaska, as well as South America.

Not very. The Northeast supply system is flexible and resilient.

Many hurricanes have damaged pipelines and refineries on the Gulf Coast in the past, and the East Coast was able to manage. The federal government stores millions of gallons of crude oil and refined products for emergencies. Refineries can import oil from Europe, Canada and South America, although trans-Atlantic cargo can take as much as two weeks to arrive.

When Hurricane Harvey hit Texas in 2017, damaging refineries, Colonial Pipeline shipments to the Northeast were suspended for nearly two weeks. Gasoline prices at New York Harbor quickly climbed more than 25 percent, and the added costs were passed on to motorists. Prices took over a month to return to previous levels.

The hacking of a major pipeline, while not a major problem for motorists, is a sign of the times. Criminal groups and even nations can threaten power lines, personal information and even banks.

The group responsible for the pipeline attack, DarkSide, typically locks up its victims’ data using encryption, and threatens to release the data unless a ransom is paid. Colonial Pipeline has not said whether it has paid or intends to pay a ransom.

“The unfortunate truth is that infrastructure today is so vulnerable that just about anyone who wants to get in can get in,” said Dan Schiappa, chief product officer of Sophos, a British security software and hardware company. “Infrastructure is an easy — and lucrative — target for attackers.”
