Colonial Pipeline, based in Alpharetta, Ga., is owned by several American and foreign companies and investment firms, including Koch Industries and Royal Dutch Shell. The pipeline connects Houston and the Port of New York and New Jersey and also provides jet fuel to most of the major airports, including in Atlanta and Washington, D.C.
Though both the SolarWinds and the Microsoft attacks appeared aimed, at least initially, at the theft of emails and other data, the nature of the intrusions created “back doors” that experts say could ultimately enable attacks on physical infrastructure. So far, neither effort is thought to have led to anything other than data theft, though there have been quiet concerns in the federal government that the vulnerabilities could be used for infrastructure attacks in the future.
The Biden administration announced sanctions against Russia last month for SolarWinds, and the executive order it is expected to issue would take steps to secure critical infrastructure, including requiring enhanced security for vendors providing services to the federal government.
The United States has long warned that Russia has implanted malicious code in the electric utility networks, and the United States responded several years ago by putting similar code into the Russian grid.
But actual attacks on energy systems are rare. About a decade ago, Iran was blamed for an attack on the computer systems of Saudi Aramco, one of the world’s largest oil producers, which destroyed 30,000 computers. That attack, which appeared to be in response to the American-Israeli attack on Iran’s nuclear centrifuges, did not affect operations.
Another attack on a Saudi petrochemical plant in 2017 nearly set off a major industrial disaster. But it was shut down quickly, and investigators later attributed it to Russian hackers. This year, someone briefly took control of a water treatment plant in a small Florida city, in what appeared to be an effort to poison the supply, but the attempt was quickly halted.