Biden signs cyber security executive order

AFP

US President Joe Biden signed an executive order on Wednesday that advances federal cyber security capabilities and encourages improvements in digital security standards across the private sector which has been hit by a spate of cyber attacks.

The executive order establishes a series of initiatives designed to better equip federal agencies with cyber security tools.

It follows a cyber attack against the Colonial Pipeline that caused some internal computer systems to be disabled with ransomware. This led Colonial to shut the pipeline, triggering fuel shortages and panic buying in the southeastern United States.

Colonial Pipeline forced offline by a cyber attack began to reopen on Wednesday, its operator said, after a five-day shutdown prompted motorists to frantically stock up on gasoline and some gas stations on the US east coast to close.

But it warned that it will take "several days" before supplies will return to normal.

Faced with a growing shortage, a dozen states ranging from Florida to Virginia declared a state of emergency, heightening the sense of panic among consumers who flocked to gas stations bearing fuel cans and other containers to fill up.

The order also requires that software companies selling to the government maintain certain cyber security standards in their products and report whether they themselves have been compromised by hackers. The requirement was first reported by Reuters in March.

A senior administration official described the executive order as having a "very significant" impact on the government's ability to detect and respond to hacking incidents.

"It reflects a fundamental shift in our mindset from incident response to prevention, from talking about security to doing security, setting aggressive but achievable goals ..." the official said.

Ransomware attack

A ransomware attack on Friday on Colonial Pipeline forced the company to shut down its entire network, hampering supply in eastern states.

But the company said late on Wednesday it had "initiated the restart of pipeline operations today at approximately 5pm ET (9pm GMT)."

"Following this restart, it will take several days for the product delivery supply chain to return to normal," the statement said.

"Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the startup period."

However, the company pledged to move "as much gasoline, diesel and jet fuel as is safely possible and will continue to do so until markets return to normal."

The Transportation Department and Environmental Protection Agency have eased regulations on transporting fuel and temporarily waived clean air rules throughout the affected states to try to ease the supply crunch.

AFP

Relief for motorists

Colonial Pipeline operates the largest US fuel conduit system in the United States, which sends gasoline and jet fuel from the Gulf Coast of Texas to the populous east coast through 8,850 kilometers of ducts that serve 50 million consumers.

The restoration of supplies will come as a relief to motorists who drove a wave of panic buying that caused thousands of stations to run dry, according to gas price tracking site GasBuddy — which itself was crashing under the volume of new users.

US average gasoline prices rose US$3 a gallon for the first time since November 2014, according to the American Automobile Association.

Transportation Secretary Pete Buttigieg on Wednesday urged consumers to remain calm.

"We recognize the concern that is out there, and that's why we haven't wasted any time to get into action," he told reporters at the White House. "Hoarding does not make things better."

The FBI blamed the shadowy DarkSide group for the ransomware attack, in which hackers freeze a corporate IT systems and then demand a huge payment to release it.

But according to a report in The Washington Post on Wednesday, Colonial Pipeline has no plans to pay the ransom.

Instead it is working with a cyber security firm to rebuild its systems or restore them from backups, the report said, citing people familiar with the matter.

The company did not respond to AFP's request for comment.