Thomas Goldsby, professor and Haslam Chair in Logistics in the Supply Chain Management Department of the University of Tennessee, discusses the short- and long-term impacts of the ransomware attack that temporarily shut down a major East Coast gasoline pipeline.

The ransomware attack on the Colonial Pipeline, which carries 2.5 million barrels of fuel a day, representing nearly 50% of the East Coast’s total supply, was a warning shot about the vulnerability of the nation’s energy base to cyber thieves. Few people realize how dependent the U.S. is on pipelines, Goldsby says, noting that they carry around 17% of the ton miles of freight transported throughout the country. “There’s no way to circumvent those volumes or redirect them. Even a slight disruption is going to be felt, and that was certainly a major one.”

Fortunately, the shutdown didn’t impact the oil exploration or refinement business, although “everyone downstream felt it,” Goldsby says. The attack succeeded despite multiple previous ransomware attacks on business that should have made companies aware of the risk of not protecting their cyber networks. But recent years have seen such attacks become increasingly sophisticated and hard to detect in advance. Making matters even more complicated is the vulnerability of a multiple of outside suppliers and service providers, whose systems offer a tempting gateway into their customers’ networks. “In order to conduct everyday business, companies are relying more on outside services for the supply chain,” Goldsby notes.

The solution to stopping future attacks lies in governments cooperating at the highest levels to put pressure on countries harboring bad actors, he says. But there’s little hope of a solution “if we continue to take a purely reactive approach to instances when they happen, and not bring people to justice.”