NEW BERN, Craven County — The federal government is taking action, pushing for stronger cybersecurity as the nation's largest pipeline system for refined oil remains shut down after it was hacked by ransomware.
According to an expert with Akamai Cyber Security, a cyberattack on this scale is unprecedented in the U.S.
"In the U.S., this is the first large scale, at least to this size, attack that we've seen involving the energy sector,” Charles Gero said.
U.S. Transportation Secretary Pete Buttigieg said in a White House briefing, "We need to be sure we're resilient in the face of cyber threats. This is not an extra. This is not a luxury. This is not an option."
A stark message that comes as the nation's largest refined oil pipeline remains shut down for yet another day, leaving 70% of New Bern, Greenville and Washington's gas stations empty.
"This has to be core to how we secure our critical infrastructure," he added,
Gero agrees that cybersecurity needs to be a priority, and added that this unprecedented attack won't be the last.
"I think these attacks are going to increase so long as there is an economic incentive," he said.
Gero said the economic incentive comes from companies failing to back up critical information, allowing hackers to easily hold that information for ransom, just like in the Colonial Pipeline disaster.
"So, when they lose access to that data, they're willing to go to extraordinary lengths to get that back,” he explained, “Which often means in many cases folks are willing to pay the perpetrators back, which creates an economic incentive."
He added that governments, hospitals and other critical organizations could be vulnerable.
"It’s extraordinarily high that this is going to happen. and as these classic industries begin to be more connected on the internet, the greater the threat is for them because they are not prepared for it,” Gero said.
So, what is the solution? Gero said it's two tiered. The first, taking preventative action like installing antivirus software and backing up information so if there is a breach the economic incentive is eliminated and cyber attackers have no further incentive to hack in.
"You might lose a few days worth of data,” Gero said, “But that's far better than having to pay someone who's extorting you and be offline for weeks.”
Gero said he believes eliminating economic incentives could at least help curb the number of cyberattacks he expects will increase otherwise.
Meanwhile, the federal government announced Wednesday that the American Jobs Plan will now be funding and supporting cybersecurity protection for local authorities, states or other bodies needing help with resiliency.