2 Actions the U.S. Must Take in the Wake of the Colonial Pipeline Crisis

COMMENTARY Cybersecurity

2 Actions the U.S. Must Take in the Wake of the Colonial Pipeline Crisis

May 14th, 2021 5 min read

Commentary By

Dustin Carmack @DustinCarmack

Research Fellow in Technology Policy

Katie Tubb

Senior Policy Analyst

A sign reads "Temporarily Out of Service" is seen after ransomware cyberattack causes Colonial Pipeline to shut down, resulting in shortages in Washington D.C, U.S. on May 12, 2021 Yasin Ozturk / Anadolu Agency / Getty Images

Key Takeaways

Could the hack that took down a pipeline, leaving Americans in several states with gas shortages, happen again? Absolutely.

The government needs to be proactive in providing the private sector with real-time information about foreign threats to critical infrastructure assets in the U.S.

States and federal agencies that issued waivers and regulatory relief to ease fuel supply should strongly consider whether those regulations are necessary at all.

Could the hack that took down a pipeline, leaving Americans in several states with gas shortages, happen again? Absolutely. Policymakers and business leaders need to implement immediate reforms to protect Americans from future attacks. Businesses can no longer afford to not take cybersecurity seriously, and the government can help by building better tools and resources when attacks happen.

Build Defense Against Cyberattacks Without Government Bloat

After a group of cyber criminals known as DarkSide succeeded in causing massive disruption in the southeast with its ransomware attack on May 7—which wasn’t resolved until Wednesday evening—it became clear that U.S. infrastructure remains at risk.

The stakes are extremely high. In our highly interconnected world, cyberattacks against critical infrastructure can leave us highly vulnerable. As we saw with this DarkSide incident, a ransomware attack can cause immense (but fortunately short-term) economic disruption across a large segment of the country. But state-based cyberattacks from countries like China, Russia, Iran, and North Korea could lead to loss of property and even life.

Private industry and policymakers must grapple with is the ever-evolving vulnerabilities to and threats from cyberattacks. The old adage about the U.S. military—that it’s always prepared to fight the last war—applies here: business leaders and policymakers can’t simply react to the last cyberattack they sustained, they have to be proactive about securing themselves against future threats as well.

The Biden administration took a positive step forward by issuing an executive order on Wednesday that would promote better cybersecurity standards for federal agencies and contractors. But more action is needed. Congress needs to debate and consider legislation that would incentivize private companies to share information about cyberbreaches by allowing for liability protections and the safeguarding of proprietary information.

Likewise, the government needs to be proactive in providing the private sector with real-time information about foreign threats to critical infrastructure assets in the United States.

Business leaders, meanwhile, need to be on the same page when it comes to dealing with cybercriminals. Colonial Pipeline reportedly paid $5 million in untraceable cryptocurrency to DarkSide last Friday, which goes against the FBI’s recommendations to not reward cybercriminals. That was unwise.

Acquiescing to demands has done nothing to abate the uptick in ransomware attacks in past few years—if anything, these attacks have only grown in amount, frequency, and variety.

However, while the FBI’s recommendation here is correct—the government should refrain from mandating standards for the private sector. The private sector has incentive enough to protect their own systems, and oftentimes government mandates lock businesses into outdated responses.

Additionally, the United States must continue to signal to cyber adversaries there will be offensive costs imposed when actions such as these are taken, including consequences for those that provide safe harbor to these groups.

Keep Our Energy and Infrastructure Markets Free and Diversified

Americans get 80% of their total energy from fossil fuels. Petroleum fuels 90% of transportation in the U.S. The extent to which Americans use conventional fuels to get around was made abundantly clear after the Colonial Pipeline attack.

In fact, the gas shortage led some to argue that even more regulation is needed to wean Americans off gasoline, and to subsidize alternative fuels and electric vehicles. That certainly is what the $2.4 trillion American Jobs Plan is all about.

Such a proposal ignores the lessons of history. In a matter of less than a decade, the U.S. went from projections in the early 2000s of energy shortages to being the largest producer of oil in the world. The U.S. exported more petroleum than it imported in 2020, and petroleum production exceeded total consumption. That hasn’t happened since 1949, and it’s hard to overstate how revolutionary that is for domestic and international oil markets.  

The costly subsidies and regulatory mandates for renewable fuels in the Energy Policy Act of 2005 didn’t flip projections of energy shortages into abundance. It was George Mitchell and his company’s innovations to achieve affordable hydraulic fracturing technology. America has a wealth of oil—from which petroleum products like gasoline are derived—but it can do little good if left underground.

Further, the Colonial Pipeline crisis provides a powerful lesson in the same way that the Texas blackouts did in February. Robust, diverse energy infrastructure and supply are good for America. Too many politicians demonize oil and pipelines, and have preferred to orient the energy sector around catchy political slogans with arbitrary deadlines—putting them in direct conflict with the wellbeing of their constituents.

States, Congress, and the Biden administration ought to use this inflection point to get rid of or reform laws and regulations that unnecessarily cause rigidity in fuel production and supply. States and federal agencies that issued waivers and regulatory relief to ease fuel supply should strongly consider whether those regulations are even necessary at all.

Here are the issues that should be at the top of the list of federal reforms:

Reforming many of these laws and accompanying regulations would benefit not just the oil infrastructure and supply, but also renewable energy deployment. Some even had the limited support of the Obama administration.

The Need to Prevent Real Consequences

The Colonial Pipeline ordeal has shown that Americans face real consequences when cybercriminals attack our infrastructure. In times like this, the proper response is not to panic or to advocate for expanding government’s control.

Rather, the government should aid—not micromanage—the private sector and help build a layered cybersecurity response that isn’t bloated with bureaucracy. At the same time, the government can promote a resilient energy and infrastructure economy by further opening both markets and keeping them free and diversified.

This piece originally appeared in The Daily Signal.