Last Friday, a cyberattack shut down the Colonial Pipeline, perhaps for a week—giving all Americans a vivid example of the impact of a significant cyberattack and reason to demand “the powers that be” employ effective cybersecurity against even more consequential possible cyberattack strategies.
The Colonial Pipeline reportedly carries 100 million gallons-a-day of gasoline, diesel fuel and other refined petroleum products from the country’s chief refining corridor along the Gulf Coast and up the eastern cost to Linden, N.J.—roughly 45% of the fuel consumed in 17 states. Gas prices are going up!
According to Justin Volz in the May 10, 2021 Wall Street Journal, the FBI confirmed that DarkSide, a relatively new hacking group, was responsible for the cyberattack. DarkSide is likely based in Eastern Europe, possibly in Russia. The malicious computer code, referred to as “ransomware,” caused the shutdown. President Biden and others decried the ransomware attack that was used is a growing global problem.
Volz reported that senior Biden administration officials view ransomware, a practice that hackers use to lock up computer systems and demand a payment from victims for their release, as a digital blight capable of jeopardizing national and economic security.
President Biden said ransomware is a growing problem in need of a global response and more investment in critical infrastructure to safeguard critical systems from debilitating cyberattacks. While he and others said the Russian government didn’t appear to have a hand in this attack, he criticized Moscow for tolerating criminal hackers within its borders.
On the other hand, Senator Tom Cotton (R-Arkansas) explicitly blamed Russia on Fox News Primetime.
From my perspective, this event is most important in demonstrating our vulnerability to much larger, more significant threats. To begin with, the U.S. has about 2.5 million miles of pipelines, in a network involving hundreds of thousands of devices—sensors and valves that control flow and pressure within the pipelines and leak detection systems—connected to about 135 refineries with even more valves and sensors.
And that network doesn’t include electric utilities and the components of the sprawling electric power grid, upon with it depends. All are vulnerable to attack.
This should be a major wake-up call! Especially for those considering major investments to improve our critical infrastructure—and in my view especially the electric power grid, upon which our survival ultimately depends.
Happily, there are initiatives to fund cybersecurity improvements to the electric bulk power grid—the power plants and their high voltage transmission lines. But they need to be extended.
As my April 30 Newsmax article emphasized, those initiatives leave out 90-percent of the grid—i.e., the Distribution Grid that delivers electricity to the American people—their homes, businesses and associated supporting critical civil infrastructure, including water-wastewater, hospitals, communications, security, emergency management, etc.
Maybe I should have also explicitly noted that the pipelines that supply the gasoline, diesel fuel, and other petroleum products also depend on the omitted Distribution Grid. And those along the Eastern Seaboard would better understand my claim in the wake of the cyberattack on the Colonial Pipeline.
But, in my opinion, even more important is the fact that we are doing nothing to protect the entire grid against electromagnetic pulse (EMP) attacks that are included in the military doctrine of Russia, China, North Korea and Iran as the most horrific cyberattack strategy.
As the Congressional EMP Commission observed many years ago, the consequent loss of electricity would lead to the death of up to 90-percent of all Americans due to starvation, disease and societal collapse.
This condition is contrary to President Trump’s March 26, 2019 Executive Order 13865 "Coordinating National Resilience to Electromagnetic Pulses" that was strengthened and made the “law of the land” in an amendment to the National Defense Authorization Act for 2020 (NDAA 2020), sponsored by Senator Ron Johnson (R-Wisconsin) and signed into law on December 20, 2019.
The NDAA 2020 placed the National Security Council in charge—but there has been little or no apparent action executing that “law of the land.” I would urge the Congress to engage the Biden administration “powers that be” to examine why their instruction has not been followed.
It should be understood that we know how to protect the grid against such EMP attacks—actually have known for decades—because we have used that knowledge since the 1970s to protect our most important military systems.
Moreover, we know we can afford to use that knowledge to protect the grid, based on our Lake Wylie Pilot Study in Rock Hill, the fourth largest city in South Carolina and the rest of York County. And, as I discussed in last week’s message, we should address this problem “from the bottom-up” because of the complexity of that needed process.
The situation could not be clearer. We are vulnerable to an existential threat that we know how to address—and we can afford to do so.
Will the “powers that be” provide for the common defense as they are sworn to do?