Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on the day's biggest business stories

Subscribe to Axios Closer for insights into the day’s business news and trends and why they matter

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Stay on top of the latest market trends

Subscribe to Axios Markets for the latest market trends and economic insights. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sports news worthy of your time

Binge on the stats and stories that drive the sports world with Axios Sports. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tech news worthy of your time

Get our smart take on technology from the Valley and D.C. with Axios Login. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Get the inside stories

Get an insider's guide to the new White House with Axios Sneak Peek. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Denver news?

Get a daily digest of the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Des Moines news?

Get a daily digest of the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Twin Cities news?

Get a daily digest of the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Tampa Bay news?

Get a daily digest of the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Charlotte news?

Get a daily digest of the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Nashville news?

Get a daily digest of the most important stories affecting your hometown with the Axios Nashville newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Columbus news?

Get a daily digest of the most important stories affecting your hometown with the Axios Columbus newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Dallas news?

Get a daily digest of the most important stories affecting your hometown with the Axios Dallas newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sign up for Axios NW Arkansas

Stay up-to-date on the most important and interesting stories affecting NW Arkansas, authored by local reporters

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Sarah Grillo/Axios

Last weekend's ransomware attack on a major U.S. energy pipeline highlighted a growing dilemma facing U.S. companies and institutions: the more their processes go digital, the more vulnerable they are to malicious digital attacks.

Why it matters: The tech industry loves to talk up how the pandemic accelerated the pace of digital transformation, which it has. But that brings fresh risks from cyberattacks with a broad range of motivations — from hacker mischief to international espionage to financial profit, as appears to be the case with the new incident.

Catch up quick: Colonial runs the largest refined products pipeline in the country, transporting over 100 million gallons per day from Texas to the Northeast and providing roughly 45% of the region's fuel needs.

  • It was shut down on Sunday in response to a ransomware attack, and will be reopened in "an incremental process" over the course of this week, per a corporate statement.
  • Monday the FBI attributed the attack to a group called DarkSide, likely operating in Russia or eastern Europe, that specializes in attacks on for-profit companies.

Of note: DarkSide operates in a "ransomware-as-a-service" mode borrowed from the software industry's dominant business model: The group provides a set of readymade tools for its customers to employ in order to blackmail companies.

  • That makes it even harder to be sure of the attackers' identities and motives.
  • DarkSide even posted a sort-of apology for the attack, claiming that it is looking to make money, not disrupt society.

Yes, but: Companies and organizations also face threats from nation-state actors that are looking to attack infrastructure or steal secrets, and there's no easy way to draw a clear line between different kinds of attackers.

What they're saying: "I believe cybersecurity will be the issue of this decade in terms of how much worse it is going to get," IBM CEO Arvind Krishna said Monday during a briefing with reporters. "The value lies in data so people are going to come after data."

Between the lines: Companies also face a computing world that's changed from the era when they stored most of their critical information on their own servers. That didn't necessarily mean better security — often the opposite — but, arguably, more of the data was in their control.

  • These days, organizations tend to have some of their data in house, but they also rely on cloud providers like Amazon's AWS, Microsoft Azure and Google Cloud. Plus, many also rely on software-as-a-service companies like Salesforce.
  • And, even where data is stored locally, companies often rely on software from others, meaning that they are only as secure as the least secure product they rely on. Hence, the power of last winter's SolarWinds attack.

The big picture: The Colonial attack comes after a year in which cities and hospitals emerged as frequent targets.

  • Ransomware tactics force critical infrastructure providers "to choose between indefinite suspension of critical business processes or paying the ransom," says Forrester analyst Allie Mellen.

What's next: The pipeline attack came as the Biden administration is preparing a new executive order aimed at strengthening U.S. resilience in the face of new digital threats — including, per the New York Times, tighter standards for federal contractors and requirements that software makers report vulnerabilities to the government.

  • IBM's Krishna suggested the creation of a government agency with the scale of NASA's effort to put a man on the moon: "There should be a a similar public-private partnership today where you invest an equal amount of money as the inflation-adjusted NASA amount."

Go deeper: What to know about the Colonial Pipeline cyberattack

Go deeper

Updated May 10, 2021 - Energy & Environment

Colonial Pipeline aims to be "substantially" back online by end of week

Photo: Luke Sharrett/Bloomberg via Getty Images

The FBI confirmed in a statement Monday that a professional cybercriminal group called DarkSide was responsible for a ransomware attack on the Colonial Pipeline network, which provides roughly 45% of the fuel used on the East Coast.

The latest: President Biden said at a press briefing that there is no evidence so far to indicate that Russia was involved in the attack, although he plans to meet with Russian President Vladimir Putin soon. Officials previously said no countries are being blamed for the attack.

Updated May 8, 2021 - Energy & Environment

Ransomware attack forces shutdown of major U.S. fuel pipeline

A police officer stands guard inside the gate to the Colonial Pipeline Co. Pelham junction and tank farm in Pelham, Alabama, in 2016. Photo: Luke Sharrett/Bloomberg via Getty Images

A major U.S. fuel pipeline running from Texas to New York has been taken offline by its operator because of a ransomware attack, Colonial Pipeline said Saturday.

Why it matters: It's a significant breach of critical infrastructure and comes on the heels of multiple other major cyberattacks on both U.S. companies and the federal government.

America’s gas “jugular” gets attacked

The Colonial Pipeline provides around 45% of the fuel used between Florida and Maine, transporting over 100 million gallons per day. But over the weekend, a ransomware attack caused the entire pipeline to shut down.

Axios Re:cap digs into what we know about this attack, what it tells us about U.S. energy vulnerability, and what it means for transportation in the short term with energy expert Amy Myers Jaffe.