Major US pipeline halts operations after ransomware attack
The operator of a major pipeline system that transports fuel across the East Coast says it's been victimized by a ransomware attack and has halted all pipeline operations to deal with the threat
May 8, 2021, 10:29 PM
6 min read
Share to FacebookShare to TwitterEmail this articleFILE - In this Sept. 8, 2008 file photo traffic on I-95 passes oil storage tanks owned by the Colonial Pipeline Company in Linden, N.J. A major pipeline that transports fuels along the East Coast says it had to stop operations because it was the victim of a cyberattack. Colonial Pipeline said in a statement late Friday that it “took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems.” (AP Photo/Mark Lennihan, File)
WASHINGTON -- The operator of a major pipeline system that transports fuel across the East Coast said Saturday it had been victimized by a ransomware attack and had halted all pipeline operations to deal with the threat. The attack is unlikely to affect gasoline supply and prices unless it leads to a prolonged shutdown of the pipeline, experts said.
Colonial Pipeline did not say what was demanded or who made the demand. Ransomware attacks are typically carried out by criminal hackers who scramble data, paralyzing victim networks, and demand a large payment to decrypt it.
The attack on the company, which says it delivers roughly 45% of fuel consumed on the East Coast, underscores again the vulnerabilities of critical infrastructure to damaging cyberattacks that threaten to impede operations. It presents a new challenge for an administration still dealing with its response to major hacks from months ago, including a massive breach of government agencies and corporations for which the U.S. sanctioned Russia last month.
In this case, Colonial Pipeline said the ransomware attack Friday affected some of its information technology systems and that the company moved “proactively” to take certain systems offline, halting pipeline operations. In an earlier statement, it said it was “taking steps to understand and resolve this issue” with an eye toward returning to normal operations.
The Alpharetta, Georgia-based company transports gasoline, diesel, jet fuel and home heating oil from refineries located on the Gulf Coast through pipelines running from Texas to New Jersey. Its pipeline system spans more than 5,500 miles, transporting more than 100 million gallon a day.
The White House said President Joe Biden was briefed Saturday morning and the federal government was working with the company to assess the implications of the attack, restore operations and avoid disruptions to the supply. The government is planning for various scenarios and working with state and local authorities on measures to mitigate any potential supply issues.
The private cybersecurity firm FireEye said it's been hired to manage the incident response investigation.
Oil analyst Andy Lipow said the impact of the attack on fuel supplies and prices depends on how long the pipeline is down. An outage of one day or two would be minimal, he said, but an outage of five or six days could cause shortages and price hikes, particularly in an area stretching from central Alabama to the Washington, D.C., region.
Lipow said a key concern about a lengthy delay would be the supply of jet fuel needed to keep major airports operating, like those in Atlanta and Charlotte, North Carolina.
A leading expert in industrial control systems, Dragos CEO Robert Lee, said systems such as those that directly manage the pipeline’s operation have been increasingly connected to computer networks in the past decade.
But critical infrastructure companies in the energy and electricity industries also tend to have invested more in cybersecurity than other sectors. If Colonial’s shutdown was mostly precautionary — and it detected the ransomware attack early and was well-prepared — the impact may not be great, Lee said.
