SAN ANTONIO — After hackers took down the nation’s biggest gas pipeline operator, a former FBI expert is weighing in on the cyberwar that’s not only threatening the Colonial Pipeline, but other businesses as well.
The FBI confirmed a Russian group known as Darkside orchestrated the ransomware attack on Colonial Pipeline. On Friday, the cybercrime group locked up the company’s computer system and demanded a ransom.
Colonial Pipeline delivers about 45% of the east coast’s fuel supply. As the company shut down operations to investigate the disruption, fuel prices began spiking and people began hoarding gas in multiple states.
The fear surrounding the gas shortage even spilled into Texas. KENS 5 obtained video of lines of drivers waiting to fill up at a gas station in the Rio Grande Valley.
Jonathan Trimble, the founder and CEO of Bawn, a security firm which protects businesses across Texas, shared insight on the attack. Before he launched his company, he served 24 years in the FBI, where he was chief technology officer of the bureau's information management division.
He also supervised a number of criminal matters, including corporate fraud, identity theft, narcotics, child abductions and computer crime. Trimble said for the past 20 years cyberattacks have continued to rise.
“If this can happen to a large organization that they know plays a critical component in the nation’s economy, that type of event can happen to any type of business,” warned Trimble.
The energy grid and water supply in the nation barely has federally mandated cybersecurity protections. Trimble said when it comes businesses that are left to defend themselves, a ransom isn't what may be the costliest consequence—it's the fallout from a potential work stoppage.
“From a company standpoint, it’s a business decision. How much pain can that organization endure?” Trimble said. “The scariest statistic that I see is that 60% of small businesses that are hit by a cyberattack within 6 months are forced to shutter their businesses because of the cost of that cyberattack.”
The FBI confirmed it is working with the Colonial Pipeline to investigate the cyberattack. As for other businesses that don’t have a squad of federal investigators, Trimble advises owners to make security plans now.
“The best way to address that is to get ahead of that before it happens, because if they wait until happens and after they’re hit by an attack? There’s not much anyone can do to help them,” he said.
Colonial Pipeline restarted operations late Wednesday afternoon, but said in a statement it will take several days for deliveries to return to normal. The company did not give an update on the ransomware investigation.