Fast Thinking

May 11, 2021

FAST THINKING: How to stop the next pipeline hack

By Atlantic Council

GET UP TO SPEED

Ransomware is rampant. The biggest fuel pipeline in the United States was shut down in recent days after hackers stole some one hundred gigabytes of data from Colonial Pipeline and threatened to release it unless the company paid up. The hack has been tied to an Eastern European (and possibly Russia-based) collective known as DarkSide, and US President Joe Biden has said that Russia bears some responsibility for the hack, even though the attack does not appear to have been state-sponsored. How can companies fight back against this rising trend of ransomware attacks? What can the Biden administration do? And what will this mean for the prices you pay at the pump? Our experts are here to fill you in, free of charge.

TODAY’S EXPERT REACTION COURTESY OF

  • Cynthia Quarterman: Distinguished fellow at the Global Energy Center and former administrator of the US Department of Transportation’s Pipeline and Hazardous Materials Safety Administration
  • Andy Bochman: Nonresident senior fellow at the Global Energy Center and the senior grid strategist for Idaho National Laboratory’s National and Homeland Security directorate

A rising threat

  • Colonial Pipeline is aiming to restore most of its operations by the end of this week, as lines of panic buyers form at gas stations across the Southeastern United States. Cynthia says any increase in gas prices “is likely to be mildly escalatory and short-lived.” But she adds that the hack “exposes the soft underbelly of the nation’s critical energy infrastructure.”
  • If a company like Colonial, which should have the resources for robust cyber defenses, could be “paralyzed,” Cynthia adds, that means smaller companies are even more vulnerable to attack. “In that circumstance, an environmental, explosive, or economic catastrophe might not be averted.” 
  • The threat goes well beyond energy. The Colonial Pipeline hack is one of the most high-profile ransomware incidents in recent years, but it’s part of a surging trend, David Bray points out. According to data compiled by the GeoTech Center, the global cost of ransomware attacks soared from $11.5 billion in 2019 to $20 billion in 2020, with the average downtime for an organization rising from 6.2 days to 16.2 days.
  • “The good news is technology is getting democratized, and the bad news is technology is getting democratized,” David says. Ordinary “people can do things that only sophisticated nation-states could do 40 years ago.”

How to fight back

  • If everyone is at risk, how can companies prepare? Andy suggests developing a “Plan B” in case your operations are shut down and making sure all your IT “crown jewels” are “fully backed up off-line and restorable.” He adds that “conducting recurring and very realistic exercises will let you know whether your plans work or need revision. Do all of that, then rinse and repeat, and don’t stop.”
  • David floats another idea: space. Commercial satellites can be used to store company data as a backup. “If you have something that compromises ground-based assets, then you move to the space cloud,” he says.
  • But couldn’t someone just hack your satellite? David says communication to space assets would be limited, via only laser modems that would catch the satellite as it passes overhead. “You have a little more control than over the regular internet,” he says.

The role of government

  • Biden on Monday promised a “global effort” led by the US Department of Justice against “transnational criminals,” along with new public-private collaboration to improve cybersecurity. But Cynthia notes that the government’s role of coordinating cybersecurity and advising private companies “is daunting and grossly underfunded.” When there’s a massive breach, the typical solution would be for the government to take over, but “there is no clear solution, no clearly articulated vision of what the government would do if it took over.”
  • David urges more transparency from governments and particularly private companies when they do get hacked. Right now, many of them withhold information because they fear reactions from customers or shareholders. But if we could map ransomware attacks with the same precision that we have for COVID-19 cases, for instance, it could be a real wake-up call. 
  • “We’ve got cyber fatigue,” David says. “No one event is going to motivate people to do anything. It’s when you quantify” security breaches that more people will get involved in fixing it. “The solutions will come not from policymakers, but from entrepreneurs.”

Related Experts: Cynthia Quarterman, David Bray, and Andy Bochman

Image: Holding tanks are seen in an aerial photograph at Colonial Pipeline's Charlotte Tank Farm in Charlotte, North Carolina, on May 10, 2021. Photo via REUTERS/Drone Base.