“This is a real wake up call,” Chatterjee, a commissioner on the Federal Energy Regulatory Commission, told CNN Business in an exclusive interview Monday.
“Every CEO in the energy sector — and especially pipeline CEOs — should immediately convene their incident management teams to do a deep dive review of their security posture and protocols,” Chatterjee said.
The incident underscores just how vulnerable the nation’s critical infrastructure is to cyber attacks.
“These pipelines are now, in many ways, on the frontlines of our national defense,” said Chatterjee, a Republican who previously chaired FERC, which regulates the power grid and evaluates pipeline applications. (The Transportation Safety Administration regulates pipeline safety.)
‘Red alert’ for Washington
A criminal group originating from Russia named “DarkSide” is believed to be responsible for the attack on the Colonial Pipeline, the largest refined products pipeline in the United States. The FBI confirmed Monday that DarkSide ransomware was used in the attack.
“The United States government at its highest levels needs to be firm and clear that we will not tolerate nation states like Russia harboring ransomware teams. And we will defend our national interests,” Chatterjee said.
Greg Valliere, chief US policy strategist at AGF Investments, said the latest hack should be a “red alert” for the White House following years of hackers blackmailing local governments, businesses and hospitals.
“This lucrative enterprise has emboldened criminals, but the response from Washington has been glacial, even as far more sophisticated hacks increase from countries like Russia and China,” Valliere wrote in a note to clients Monday.
Prolonged shutdown could cause ‘widespread’ fuel shortages
It would be hard to find a larger target than the Colonial Pipeline, which transports more than 100 million gallons of fuel daily from the US Gulf Coast to the East Coast.
“I can’t emphasize enough how critical it is,” Chatterjee said of the pipeline.
The worry is that a prolonged shutdown will leave drivers and airports without the fuel they need — just as the US economy reopens from the pandemic.
“Depending on the duration, the supply shock could leave the region with widespread fuel shortages,” Michael Tran, RBC Capital’s director of global energy strategy, wrote in a note to clients.
The Colonial Pipeline Company, a privately held firm based in Alpharetta, Georgia, said Sunday it is developing a system restart plan. The company said its four main pipelines remain offline, but some smaller ones between terminals and delivery points are now operational.
Ready for the next attack?
The attack is just the latest surprise event to disrupt a key part of the world’s energy infrastructure.
The Colonial Pipeline shutdown also raises questions about the cyber preparedness of the facility and the energy industry at large.
“They worked quickly to try and maintain operational security,” Chatterjee said. “But clearly the fact that such a critical pipeline has come offline is of concern to everyone.”
Asked if the federal government is doing enough to protect against cyber threats, Chatterjee said, “We can always do better.” And he emphasized that the standards set by regulators need to be the floor, not the ceiling, when it comes to cyber defenses.
“Our adversaries are sophisticated and are consistently evolving and continually evolving their tactics and methods and approaches,” Chatterjee said. “And we need to do the same.”
— CNN’s Kevin Liptak contributed to this report