On Friday, May 7, a cyberattack on the massive pipeline operated by Colonial Pipeline Co. caused the company to shut down its entire 5,500-mile fuel system and turned out to be the most disruptive energy-sector hack in U.S. history. Colonial operates pipelines that carry diesel, gasoline and other fuels from Texas to New Jersey. The company later revealed that it had been the victim of a ransomware attack.
On May 19, Joseph Blount, the CEO of Colonial Pipeline, confirmed that he had authorized a $4.4 million ransom payment to hackers in order to get the critical energy artery operating after it was closed in order to prevent malicious software from spreading through its systems. The cybersecurity firm FireEye Inc. (known for its discovery of the SolarWinds espionage campaign) is now reported to be working with Colonial on mitigating future threats to its IT infrastructure.
“We proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems,” Colonial said at the height of the crisis.
Bad for Producers and Consumers
Ransomware hackers encrypt victims’ computer files and demand digital payment to unlock them. The systems shutdown affected an estimated 45% of all fuel used on the East Coast. Colonial has said that it has launched an investigation into the cyberattack and is working with law enforcement and other agencies. The attack has already raised serious questions about possible gaps in U.S. critical infrastructure security, as top intelligence and energy officials now warn of an unprecedented rise in cyber threats.
According to Colonial, there is no indication that the ransomware attack which encrypted the company’s files spread into the operational technology that manages the flow of fuel through its pipeline system. Colonial said that it took systems offline in an abundance of caution, and that its operations team is developing a “system restart plan” as a future contingency to circumvent similar scenarios.
According to cybersecurity experts, the U.S. energy sector is growing particularly vulnerable to ransomware attacks as operational technology (OT) merges with IT like business and email networks. Operational technology is hardware and software that detects or causes a change through the direct monitoring and/or control of industrial equipment. The increasing digitization of power grid and pipeline equipment means it’s becoming easier for ransomware attackers to move from the IT side to OT.
Slow to Restart, Fuel Shortages Ensue
On May 15, Colonial said that its pipeline was back to servicing all markets, including Texas, Louisiana, Mississippi, Alabama, Tennessee, Georgia, South and North Carolina, Virginia, Maryland, D.C., Delaware, Pennsylvania and New Jersey. However, there are still widespread fuel shortages in many of those markets. In Washington, the nation’s capital, 80% of gas stations were without fuel. In North Carolina, 63% of stations remained short; Georgia, South Carolina and Virginia all experienced significant shortages as well.
The cyberattack also caused a spike in U.S. gasoline prices. Analysts at Clearview Energy Partners LLC said in a report last Saturday that the shutdown is significant from a product price perspective.
“The Colonial outage comes at a critical juncture for the recovering U.S. economy: the start of the summer driving season,” Clearview researchers said last week. “We therefore think lawmakers could begin a ‘blame game’ immediately, and a sustained disruption that leads to a significant pump price spike could increase prospects of domestic policy interventions.”