by Austin Bay
June 9, 2021
It's nationwide knowledge that in early May the Colonial Pipeline company suffered a severe cyberattack that shut down its pipeline connecting Texas to the East Coast. On June 1 JBS Foods suffered another crippling cyberattack. According to industry estimates, JBS controls 20% of the slaughtering capacity for American cattle and hogs. The JBS attack also generated headlines.
The FBI and security officials believe two criminal organizations conducted the attacks. Their names sound a bit like those of the sinister super gangs found in James Bond novels. However, these gangs aren't fiction, nor are their crimes.
A crime group called DarkSide shut down Colonial's southeastern U.S. pipeline. To remove its "ransomware" malware and restore service, DarkSide demanded Colonial pay a ransom. Colonial complied.
The FBI attributes the JBS attack to REvil, a cyber mob linked to Russia.
The good news is the Department of Justice has recovered $2.3 million of the $4 million ransom Colonial paid.
This is good news of the grim, hard lesson sort: The economic damage caused by the cyberattacks, and the media coverage they received, revived public concern for infrastructure security in the U.S. and Canada.
Colonial Pipeline runs an energy distribution network, which makes it a prime target for criminals seeking a quick ransom. The hack caused a spike in gasoline prices. With each day of the shutdown, the macroeconomic cost rose. So Colonial paid.
JBS Foods, the world's largest meat supplier, is a key link in North America's food supply chain. The JBS attack shut down meatpacking plants in the U.S. and Canada. Secondary effects were also significant. The plant shutdowns disrupted livestock deliveries -- a damaging economic chain reaction in the U.S. and Canada, which could crimp food supplies worldwide.
The digital crimes' national security dimensions also deserve examination.
Consider their parallels in physical (kinetic) attacks in conventional warfare.
Shutting down a pipeline is roughly the nonkinetic equivalent of a German U-boat torpedoing an American oil tanker in a Britain-bound convoy. The hack and the U-boat attack both interrupt fuel supplies.
Over time, reducing food production and disrupting food distribution will create starvation conditions. It is a classic tactic to force a besieged city to surrender. Think of soldiers burning farms in rebel areas to starve the insurgents. An even more hideous comparison: a biological warfare attack that infects a nation's cattle and swine with foot and mouth disease.
Obviously, these types of violent, physical attacks do enormous damage. But cyberhacks can also have costly and devastating national and international effects. This is why attacks such as the one on the Colonial Pipeline are, in my opinion, acts of war.
Russia's 2008 attack on Georgia and its 2014 invasion of Crimea demonstrate that cyberattacks can supplement and intensify the effects of physical attacks.
Step back and consider this scenario: What if DarkSide and REvil had connections to an adversarial nation? The FBI already connects REvil to Russia.
Colonial's pipeline and JBS' slaughtering facilities were "choke points" in their respective supply chains. Attacking an energy target and a food distribution target has the suspicious appearance of an enemy nation probing American supply choke points with the goal of exploiting them should a conventional shooting conflict erupt. At a minimum, the probe also inflicts immediate economic harm on the U.S.
Using gangs to do the dirty work gives the enemy nation plausible deniability.
Given REvil's Russian connections, did the Kremlin encourage and perhaps facilitate the JBS Foods attack? It is a question worth asking and one I hope the CIA, NSA and FBI will help answer.