Colonial Pipeline’s payment of ransom to extortionists who seized control of its east coast pipeline has set an enormously dangerous precedent. That danger is magnified tenfold by President Biden’s silence on the incident.
The extortionists, a group of cyber-criminals operating under the name “DarkSide,” reportedly first demanded $100 million for the decryption key that enabled Colonial to resume the pipeline’s operation. Days later, they were satisfied with Colonial’s reported payment of $5 million, for which they provided the decryption key to Colonial.
The Colonial pipeline is a critical part of our energy infrastructure. It carries about 45% of the East Coast’s gasoline, as well as jet fuel and other essential fuels, to civilian and military consumers. Had the pipeline not been brought back online as soon as it was, the resulting lack of gasoline and other fuels could have severely disrupted Memorial Day weekend travel. As it was, supplies of gasoline to stations along the coast were blocked for days.
Ransomware attacks on our energy infrastructure occur many times every day. But because of the success of DarkSide’s attack, it’s now open season on America’s infrastructure. Three national security issues arise from the DarkSide attack.
First, who are the attackers and for whom are they working? Second, how wise — or foolish — is it to pay such ransoms? Third, what should the Biden administration do to defend against such attacks?
DarkSide is apparently based somewhere in Eastern Europe. It may be a group of highly skilled gangsters or it may be a part of Russian President Vladimir Putin’s intelligence services (or both). We know that the group hasn’t attacked infrastructure in nations which comprised the former Soviet Union.
DarkSide has announced that it was disbanding, a claim that cannot be taken seriously. The same people can easily resume their attacks under a different name using different computer networks.
When asked if he was aware of the ransom payment, President Biden answered, “no comment.” Mr. Biden was briefed, more than once, on the attack. He, or his advisers, must have known about the ransom payment and either approved it or, equivalently, failed to object to it.
A ransomware attack such as this one doesn’t fit the legal definition of a terrorist attack but it could be an act of war.
Whenever a cyberattack causes casualties — which this one did not — or causes damage to or disruption of critical infrastructure, which this one did, it should be classified as an act of war. That’s why DarkSide’s personnel and whoever they were working for must be identified publicly. Then, we must take appropriate action, including economic sanctions and kinetic action, against all who were responsible for or ordered the attack, including any government.
Colonial’s wisdom in paying the ransom demand is highly questionable. For the company, it was a “damned if you do, damned if you don’t” decision. The disruption of East Coast energy supplies, as brief as this one was, could easily have damaged a large portion of our economy, and our national security if it were prolonged. When cars and trucks can’t drive and jets can’t fly — including military aircraft — the nation is endangered.
We need to know, in definitive terms, what Mr. Biden and his team did. Did they approve the ransom payment?
The apparent ease with which the DarkSide attack was perpetrated, and its success in extorting Colonial’s payment, proved redundantly that our infrastructure is vulnerable both to attack and blackmail. Companies and the government spend tens of billions of dollars every year on cyber security. Why can’t we prevent these attacks?
More successful cyberattacks on critical infrastructure will happen, and not only on pipelines. The energy grid, health care systems, even air traffic control and more are vulnerable to ransomware attacks and worse.
Having paid DarkSide’s extortion, Colonial has established a precedent that makes the U.S. energy infrastructure more vulnerable than before. China, Russia, Iran, North Korea and whatever criminal gangs exist in those nations and governments now see a clear path to blackmail us, or worse. It is a short step from a ransomware attack to an attack that will kill people and break things.
The first thing Mr. Biden must do is level with the American people. It’s not enough to say “no comment.” The full disclosure of what he and his team told Colonial to do or not do is essential.
Beyond that, Mr. Biden needs to define — clearly and publicly — what his policy is for American responses to cyberattacks on our infrastructure. That policy should be that no ransoms will be paid, that our best computer scientists and engineers will use every tool to prevent and resolve any ransomware attack, and that any people or nations that are responsible for any such attack will be dealt with severely.
He should say that we will turn our own cyberwarriors loose with orders to attack and (or) counterattack whatever groups and whatever computer networks are being used to prepare or perpetrate cyberattacks on our infrastructure. It may be necessary to amend the law to provide authority for offensive cyberattacks. If so, the president should make that legislation an urgent priority.
Mr. Biden’s silence is a demonstration of weakness. As former Defense Secretary Donald Rumsfeld always said, weakness is provocative.
• Jed Babbin, a deputy undersecretary of Defense in the George H.W. Bush administration, is the author of “In the Words of Our Enemies.”