美國(guó)最大燃油管道商暫停運(yùn)營(yíng),僅僅是一個(gè)“警告”
Katherine Dunn
2021-05-12
科洛尼爾管道公司位于美國(guó)阿拉巴馬州佩勒姆的一處管道設(shè)施,。在2021年5月初發(fā)生網(wǎng)絡(luò)攻擊近兩天后,,燃料供應(yīng)商擔(dān)心美國(guó)東部地區(qū)可能出現(xiàn)汽油和柴油短缺。圖片來(lái)源:Luke Sharrett—Bloomberg/Getty Images
科洛尼爾管道公司(Colonial Pipeline)的關(guān)鍵基礎(chǔ)設(shè)施已經(jīng)持續(xù)關(guān)閉三日,,油價(jià)和天然氣價(jià)格也已經(jīng)擺脫潛在供應(yīng)緊缺前景的影響,。但讓能源行業(yè)感到不安的并不是汽油供應(yīng)短缺的風(fēng)險(xiǎn)。
多年來(lái),,網(wǎng)絡(luò)安全專(zhuān)家和美國(guó)政府一直在警告能源行業(yè),這一行業(yè)極易遭受勒索軟件網(wǎng)絡(luò)攻擊,。上周末,,科洛尼爾管道公司就因此而被迫關(guān)閉運(yùn)輸管道。
事實(shí)上,,去年就有過(guò)一次警示,,當(dāng)時(shí)新冠疫情正在全球蔓延,一家未披露名稱(chēng)的美國(guó)管道系統(tǒng)遭受勒索軟件攻擊,。美國(guó)網(wǎng)絡(luò)安全與基礎(chǔ)設(shè)施安全局(U.S. Cybersecurity and Infrastructure Security Agency)報(bào)告稱(chēng),,一家天然氣壓縮設(shè)施的IT系統(tǒng)遭受魚(yú)叉式網(wǎng)絡(luò)釣魚(yú)攻擊,系統(tǒng)被植入勒索軟件,,導(dǎo)致該公司失去了對(duì)某些系統(tǒng)的控制權(quán),。雖然沒(méi)有失去運(yùn)營(yíng)控制權(quán),但該公司不得不關(guān)閉管網(wǎng)兩天,。
此次事件再次發(fā)出警告,,該運(yùn)營(yíng)商并未制定應(yīng)對(duì)網(wǎng)絡(luò)攻擊的具體應(yīng)急計(jì)劃,而且完全不了解如何應(yīng)對(duì)網(wǎng)絡(luò)攻擊,。調(diào)查這起攻擊事件的美國(guó)機(jī)構(gòu)稱(chēng),,此次事件“促使所有關(guān)鍵基礎(chǔ)設(shè)施行業(yè)的資產(chǎn)所有者及運(yùn)營(yíng)商開(kāi)始審查……有安全隱患的技術(shù),并確保采取相應(yīng)的緩解措施,?!?/p>
換句話(huà)說(shuō)就是:時(shí)刻準(zhǔn)備好。
攻擊疑似俄羅斯組織所為,?
此次事件是一次預(yù)警,。5月10日,俄羅斯一個(gè)名為黑暗面(DarkSide)的專(zhuān)業(yè)網(wǎng)絡(luò)犯罪組織聲稱(chēng)對(duì)此次輸油管道攻擊事件負(fù)責(zé),,顯然是想向管道運(yùn)營(yíng)商科洛尼爾管道公司勒索贖金,。該管道在墨西哥灣沿岸(Gulf Coast)輸送燃料,負(fù)責(zé)東海岸45%的燃料供應(yīng),。
位于挪威的咨詢(xún)公司睿咨得能源(Rystad Energy)的石油市場(chǎng)分析師路易絲·迪克森稱(chēng):“像美國(guó)科洛尼爾管道公司這樣的關(guān)鍵石油基礎(chǔ)設(shè)施遭受黑客攻擊的情況并不常見(jiàn),?!?/p>
盡管如此,因印度等亞洲國(guó)家的能源需求由于新冠疫情下滑,,受此拖累,,5月10日上午油價(jià)下跌:布倫特原油下跌1.11%,WTI原油期貨下跌1.28%,,美國(guó)主要汽油期貨合約下跌0.51%,。
迪克森指出,即使輸油管道幾天內(nèi)無(wú)法恢復(fù)運(yùn)行,,供應(yīng)也不會(huì)受到影響,,但如果關(guān)閉時(shí)間過(guò)長(zhǎng),油價(jià)可能會(huì)上漲,。然而真正的問(wèn)題并不在于潛在供應(yīng)短缺:因?yàn)榘莸钦呀?jīng)放寬了運(yùn)輸限制,,允許經(jīng)公路運(yùn)輸燃料,美國(guó)可以使用其充足的庫(kù)存,。此外,,東海岸還能夠跨越大西洋從歐洲煉油廠進(jìn)口汽油和柴油。
更大的風(fēng)險(xiǎn)在于,,科洛尼爾管道公司中斷僅僅是一次警告,。多年來(lái),專(zhuān)家和業(yè)內(nèi)人士一直在警告,,鑒于能源系統(tǒng)所遭受攻擊的規(guī)模和復(fù)雜性,,每天可能發(fā)生多起攻擊事件,并且其中的大部分攻擊是針對(duì)關(guān)鍵基礎(chǔ)設(shè)施,,能源行業(yè)在網(wǎng)絡(luò)安全方面的投資明顯不足,。一些能源巨頭自己也承認(rèn),控制如此大規(guī)模,、如此復(fù)雜的攻擊是一大挑戰(zhàn),,而且其中一些攻擊已經(jīng)成功。墨西哥國(guó)家石油公司Pemex在2019年年底就遭受了一次網(wǎng)絡(luò)攻擊,,此次事件引起了廣泛關(guān)注,,黑客要求支付價(jià)值500萬(wàn)美元的比特幣作為贖金。
能源行業(yè)極易遭受攻擊
盡管從醫(yī)院網(wǎng)絡(luò)到美國(guó)政府等多個(gè)領(lǐng)域都遭受了此類(lèi)攻擊,,但能源行業(yè)尤其易受攻擊,。麥肯錫公司(McKinsey)在2020年發(fā)表的一篇文章中警告稱(chēng),公用事業(yè)公司和天然氣公司因?yàn)槠鋸?fù)雜性,、地理分散性,,加之實(shí)體和虛擬基礎(chǔ)設(shè)施的網(wǎng)絡(luò)重疊,更易遭受攻擊,。
西門(mén)子能源(Siemens Energy)在去年警告稱(chēng),,能源行業(yè)系統(tǒng)運(yùn)行強(qiáng)度大,,也會(huì)讓其面臨攻擊風(fēng)險(xiǎn):數(shù)字運(yùn)營(yíng)基礎(chǔ)設(shè)施全天候運(yùn)行,幾乎不會(huì)停機(jī),。
麥肯錫警告稱(chēng),,攻擊的動(dòng)機(jī)也多種多樣,有國(guó)家支持的出于地緣政治目的的攻擊,,例如,,沙特石化設(shè)施遭受了一次廣為人知的攻擊,沙特政府認(rèn)為此次攻擊是伊朗所為,;也有出于經(jīng)濟(jì)目的的攻擊,,為的是向遭受攻擊的公司勒索錢(qián)財(cái);還有“黑客行為主義者”攻擊,,意在對(duì)能源行業(yè)提出抗議,。
目前,令人擔(dān)憂(yōu)的是,,科洛尼爾管道公司的運(yùn)輸管道暫停運(yùn)營(yíng)僅僅是一個(gè)開(kāi)始。(財(cái)富中文網(wǎng))
譯者:郝秀
審校:汪皓
科洛尼爾管道公司(Colonial Pipeline)的關(guān)鍵基礎(chǔ)設(shè)施已經(jīng)持續(xù)關(guān)閉三日,,油價(jià)和天然氣價(jià)格也已經(jīng)擺脫潛在供應(yīng)緊缺前景的影響,。但讓能源行業(yè)感到不安的并不是汽油供應(yīng)短缺的風(fēng)險(xiǎn)。
多年來(lái),,網(wǎng)絡(luò)安全專(zhuān)家和美國(guó)政府一直在警告能源行業(yè),,這一行業(yè)極易遭受勒索軟件網(wǎng)絡(luò)攻擊。上周末,,科洛尼爾管道公司就因此而被迫關(guān)閉運(yùn)輸管道,。
事實(shí)上,去年就有過(guò)一次警示,,當(dāng)時(shí)新冠疫情正在全球蔓延,,一家未披露名稱(chēng)的美國(guó)管道系統(tǒng)遭受勒索軟件攻擊。美國(guó)網(wǎng)絡(luò)安全與基礎(chǔ)設(shè)施安全局(U.S. Cybersecurity and Infrastructure Security Agency)報(bào)告稱(chēng),,一家天然氣壓縮設(shè)施的IT系統(tǒng)遭受魚(yú)叉式網(wǎng)絡(luò)釣魚(yú)攻擊,,系統(tǒng)被植入勒索軟件,導(dǎo)致該公司失去了對(duì)某些系統(tǒng)的控制權(quán),。雖然沒(méi)有失去運(yùn)營(yíng)控制權(quán),,但該公司不得不關(guān)閉管網(wǎng)兩天。
此次事件再次發(fā)出警告,,該運(yùn)營(yíng)商并未制定應(yīng)對(duì)網(wǎng)絡(luò)攻擊的具體應(yīng)急計(jì)劃,,而且完全不了解如何應(yīng)對(duì)網(wǎng)絡(luò)攻擊。調(diào)查這起攻擊事件的美國(guó)機(jī)構(gòu)稱(chēng),,此次事件“促使所有關(guān)鍵基礎(chǔ)設(shè)施行業(yè)的資產(chǎn)所有者及運(yùn)營(yíng)商開(kāi)始審查……有安全隱患的技術(shù),,并確保采取相應(yīng)的緩解措施,。”
換句話(huà)說(shuō)就是:時(shí)刻準(zhǔn)備好,。
攻擊疑似俄羅斯組織所為,?
此次事件是一次預(yù)警。5月10日,,俄羅斯一個(gè)名為黑暗面(DarkSide)的專(zhuān)業(yè)網(wǎng)絡(luò)犯罪組織聲稱(chēng)對(duì)此次輸油管道攻擊事件負(fù)責(zé),,顯然是想向管道運(yùn)營(yíng)商科洛尼爾管道公司勒索贖金。該管道在墨西哥灣沿岸(Gulf Coast)輸送燃料,,負(fù)責(zé)東海岸45%的燃料供應(yīng),。
位于挪威的咨詢(xún)公司睿咨得能源(Rystad Energy)的石油市場(chǎng)分析師路易絲·迪克森稱(chēng):“像美國(guó)科洛尼爾管道公司這樣的關(guān)鍵石油基礎(chǔ)設(shè)施遭受黑客攻擊的情況并不常見(jiàn)?!?/p>
盡管如此,,因印度等亞洲國(guó)家的能源需求由于新冠疫情下滑,受此拖累,,5月10日上午油價(jià)下跌:布倫特原油下跌1.11%,,WTI原油期貨下跌1.28%,美國(guó)主要汽油期貨合約下跌0.51%,。
迪克森指出,,即使輸油管道幾天內(nèi)無(wú)法恢復(fù)運(yùn)行,供應(yīng)也不會(huì)受到影響,,但如果關(guān)閉時(shí)間過(guò)長(zhǎng),,油價(jià)可能會(huì)上漲。然而真正的問(wèn)題并不在于潛在供應(yīng)短缺:因?yàn)榘莸钦呀?jīng)放寬了運(yùn)輸限制,,允許經(jīng)公路運(yùn)輸燃料,,美國(guó)可以使用其充足的庫(kù)存。此外,,東海岸還能夠跨越大西洋從歐洲煉油廠進(jìn)口汽油和柴油,。
更大的風(fēng)險(xiǎn)在于,科洛尼爾管道公司中斷僅僅是一次警告,。多年來(lái),,專(zhuān)家和業(yè)內(nèi)人士一直在警告,鑒于能源系統(tǒng)所遭受攻擊的規(guī)模和復(fù)雜性,,每天可能發(fā)生多起攻擊事件,,并且其中的大部分攻擊是針對(duì)關(guān)鍵基礎(chǔ)設(shè)施,能源行業(yè)在網(wǎng)絡(luò)安全方面的投資明顯不足,。一些能源巨頭自己也承認(rèn),,控制如此大規(guī)模、如此復(fù)雜的攻擊是一大挑戰(zhàn),,而且其中一些攻擊已經(jīng)成功,。墨西哥國(guó)家石油公司Pemex在2019年年底就遭受了一次網(wǎng)絡(luò)攻擊,,此次事件引起了廣泛關(guān)注,黑客要求支付價(jià)值500萬(wàn)美元的比特幣作為贖金,。
能源行業(yè)極易遭受攻擊
盡管從醫(yī)院網(wǎng)絡(luò)到美國(guó)政府等多個(gè)領(lǐng)域都遭受了此類(lèi)攻擊,,但能源行業(yè)尤其易受攻擊。麥肯錫公司(McKinsey)在2020年發(fā)表的一篇文章中警告稱(chēng),,公用事業(yè)公司和天然氣公司因?yàn)槠鋸?fù)雜性,、地理分散性,加之實(shí)體和虛擬基礎(chǔ)設(shè)施的網(wǎng)絡(luò)重疊,,更易遭受攻擊,。
西門(mén)子能源(Siemens Energy)在去年警告稱(chēng),能源行業(yè)系統(tǒng)運(yùn)行強(qiáng)度大,,也會(huì)讓其面臨攻擊風(fēng)險(xiǎn):數(shù)字運(yùn)營(yíng)基礎(chǔ)設(shè)施全天候運(yùn)行,,幾乎不會(huì)停機(jī)。
麥肯錫警告稱(chēng),,攻擊的動(dòng)機(jī)也多種多樣,,有國(guó)家支持的出于地緣政治目的的攻擊,例如,,沙特石化設(shè)施遭受了一次廣為人知的攻擊,,沙特政府認(rèn)為此次攻擊是伊朗所為;也有出于經(jīng)濟(jì)目的的攻擊,,為的是向遭受攻擊的公司勒索錢(qián)財(cái);還有“黑客行為主義者”攻擊,,意在對(duì)能源行業(yè)提出抗議,。
目前,令人擔(dān)憂(yōu)的是,,科洛尼爾管道公司的運(yùn)輸管道暫停運(yùn)營(yíng)僅僅是一個(gè)開(kāi)始,。(財(cái)富中文網(wǎng))
譯者:郝秀
審校:汪皓
As the shutdown of Colonial Pipeline’s critical infrastructure stretches into a third day, oil and gas prices were shrugging off the prospect of a potential supply crunch. But it isn’t the risk of a gasoline shortage that is giving the industry the jitters.
For years, cybersecurity experts and the U.S. government have been warning the energy industry that it remains all too vulnerable to the kind of ransomware cyberattack that knocked Colonial offline over the weekend.
Those warnings, in fact, included an alert just last year—as the pandemic was spreading around the globe—about another, unnamed U.S. pipeline system affected by a ransomware attack. The U.S. Cybersecurity and Infrastructure Security Agency reported that a spear-phishing attack had gained access to the IT systems at a natural gas compression facility, unleashing ransomware internally that resulted in the company losing sight of some of its own systems. While it didn’t lose control of its operations, the company had to shut down its pipeline network for two days.
The alert highlighted warnings that the operator didn’t have in place a specific emergency plan to deal with cyberattacks and that it had gaps in its knowledge about how to manage them. The U.S. agency that investigated the attack said that it “encourages asset owner operators across all critical infrastructure sectors to review the…threat actor techniques and ensure the corresponding mitigations are applied.”
In other words: Get ready.
Russians suspected
It was a prescient warning. On May 10, a Russian network called DarkSide claimed responsibility for the attack on the pipeline—which runs from the Gulf Coast and provides 45% of the East Coast’s fuel supply—in an apparent effort to extort a ransom payment from the operator, Colonial Pipeline.
“It’s not often that hackers manage to hit such crucial oil infrastructure such as Colonial’s pipelines in the U.S.,” says Louise Dickson, oil markets analyst at Norway’s Rystad Energy consultancy.
Nonetheless, on May 10 morning, oil prices were feeling bearish, dragged down by the larger picture of flagging demand in Asia and India owing to the pandemic: Brent was down 1.11%, and WTI was down 1.28% on May 10 morning, while the main U.S. gasoline futures contract was down 0.51%.
Though it wouldn’t affect supplies if the pipeline isn’t back online for a few days, a more prolonged outage could lead to increased prices, Dickson notes. However, the real issue here isn’t a prospective supply shortage: The U.S. can draw from its ample inventories, as the Biden administration has loosened the rules to allow for fuel to be transported by road instead. The East Coast can also pull cargo of gasoline and diesel across the Atlantic from refineries in Europe.
The bigger risk is that the Colonial Pipeline outage is a mere warning shot. For years, experts and industry insiders have warned that the energy sector is underinvesting in cybersecurity given the scale and complexity of the attacks on its systems—multiple attacks, per day—much of it on critical infrastructure. Some energy majors have themselves admitted that managing the scale and sophistication of the attacks they see is a major challenge, and some of those attacks have been successful. Pemex, the Mexican state energy company, was hit by a high-profile attack in late 2019, when hackers demanded $5 million in Bitcoin as ransom.
Particularly vulnerable
Though such attacks have hit everything from hospital networks to the U.S. government, the energy industry is particularly vulnerable. In a 2020 article, McKinsey warned that utilities and gas companies were more at risk because of their complexity, with geographically diverse, overlapping networks of both physical and cyber infrastructure.
Siemens Energy warned last year that it was the intensity of the sector’s operational systems that also put it at risk: Operational digital infrastructure runs 24/7, with virtually no downtime.
There are also plenty of motives, McKinsey warned. They include state-backed, geopolitically motivated attacks—including a famous attack on a Saudi petrochemical facility that the Saudi government attributed to Iran; economically motivated attacks designed to extort money from desperate companies; and “hacktivist” attacks intended as a protest against the energy industry.
The worry now is that the Colonial Pipeline outage is just the beginning.
財(cái)富中文網(wǎng)所刊載內(nèi)容之知識(shí)產(chǎn)權(quán)為財(cái)富媒體知識(shí)產(chǎn)權(quán)有限公司及/或相關(guān)權(quán)利人專(zhuān)屬所有或持有。未經(jīng)許可,,禁止進(jìn)行轉(zhuǎn)載,、摘編、復(fù)制及建立鏡像等任何使用,。
