What do you think? Leave a respectful comment.

The Colonial Pipeline shutdown: Latest news and how the US can prepare for next time

Nearly a week after a ransomware attack forced Colonial Pipeline to shut down, the company announced it has restored service. The shutdown disrupted gas supplies along the East Coast — full recovery may still take days. The attack has highlighted the vulnerability of U.S. infrastructure to similar attacks. Cynthia Quarterman, a Distinguished Fellow with the Atlantic Council’s Global Energy Center, joins.

Read the Full Transcript

  • Hari Sreenivasan:

    Nearly a week after a ransomware attack forced Colonial Pipeline to shut down operations, the company announced on Thursday that it had restored service to its entire pipeline system. The shutdown disrupted gas supplies along the East Coast and caused panic buying, leaving some gas stations without fuel. A full recovery may still take several days. The attack also highlighted the vulnerability of the country's infrastructure to similar attacks. For more on the pipeline hack, I spoke with Cynthia Quarterman, a distinguished fellow with the Atlantic Council's Global Energy Center and former administrator of the US Department of Transportation's Pipeline and Hazardous Materials Safety Administration during the Obama administration.

    Miss Quarterman, what is this ransomware attack tell you about just a larger infrastructure question that we should all be grappling with?

  • Cynthia Quarterman:

    That we have a very large infrastructure problem with respect to cybersecurity and being prepared for ransomware and other attacks, whether it be from a nation-state or from private criminal network.

  • Hari Sreenivasan:

    Did we get away lucky this time?

  • Cynthia Quarterman:

    Oh, absolutely. I think we did. I think DarkSide may have bitten off more than they could chew when they attacked Colonial. I think we've had a lot of lucky breaks recently. So we need to now switch from being lucky to being smart.

  • Hari Sreenivasan:

    What's to prevent someone who actually wants to do harm to the United States from creating software, given that they would probably have more resources than a collective group of hackers?

  • Cynthia Quarterman:

    Nothing prevents it. We need to be much better prepared. I think the administration, in their executive order, is moving forward to help the government agencies themselves improve what they're doing. But it's a free market economy. We have set up the system. We've got thousands of pipeline operators out there. And not just pipeline operators, but electric utilities and others who need a lot of help.

  • Hari Sreenivasan:

    So how do we harden this infrastructure? Should this be the kind of spending that we should be engaged in to say, hey, guess what, protecting from a cyber attack should be just like protecting from the weather?

  • Cynthia Quarterman:

    Oh, it is absolutely the same. I agree with you wholeheartedly. We have a huge conundrum here. There is no silver bullet to fix this. There are only a series of steps that we can take to try to prevent this from happening again in the future. And to, if it does happen, to be prepared, as my former partner Stewart Baker said, to fail gracefully.

  • Hari Sreenivasan:

    What are the ramifications if someone decided to hold Colonial or any other pipeline hostage, so to speak, for their information? What happens in America?

  • Cynthia Quarterman:

    If Colonial were not able to come back online immediately, it would take obviously weeks for us to get oil from other sources. If you remember Superstorm Sandy, we had a very similar incident happen. That was all also Colonial Pipeline, it's a big juggernaut.

  • Hari Sreenivasan:

    Most of these operators, if they're in the public markets, they're interested in maximizing their profits and returns to shareholders. What's the case that you would make for them, to them, I suppose, and to all of us to sort of think a little bit bigger?

  • Cynthia Quarterman:

    You know, we have this great free-market economy where we have companies thinking of all these fascinating, creative, innovative things to do. We need to think about the failure, what happens if there's a failure? We have a failure of the imagination about our failures and what are the repercussions if something goes wrong?

  • Hari Sreenivasan:

    So is this likely to be something that needs a regulatory intervention or a legislative one? How do we make sure this doesn't happen again?

  • Cynthia Quarterman:

    Probably all of the above. I think it will happen again, unfortunately. But you need to be prepared. Right now there are guidelines for pipeline companies that are not required. And part of the problem is that it's difficult to make those requirements because you have mom-and-pop pipeline companies and you have Colonial Pipeline Company. Where do you create a regulatory system between those two?

  • Hari Sreenivasan:

    Beyond just the infrastructure we're talking about in pipelines, we're talking about hospitals, talking about education systems, police departments, all of these have been held up, so to speak, by cybercriminals.

  • Cynthia Quarterman:

    And depending on what the industry is, the amount of investment available varies. I'm in a hospital, for example, may not have the kinds of money necessary, which means the government needs to help them. That is a role for government to serve.

  • Hari Sreenivasan:

    Cynthia Quarterman, thanks so much for joining us.

  • Cynthia Quarterman:

    Thanks for having me.

Listen to this Segment