The Colonial Pipeline, the largest fuel pipeline in the US, which runs for 8,850 km from the US Gulf Coast to the New York Harbor area, has been shut down by a major ransomware attack.
In a statement on its website, Colonial Pipeline says that it discovered that it had been a victim of a cybersecurity attack on 7 May 2021 and ‘proactively took certain systems offline to contain the threat’, which halted all pipeline operations and affected IT systems. During 8-9 May, the company took further precautionary measures to monitor and protect the pipeline. As of 5.10pm EDT on 9 May 2021, all of its mainlines (Lines 1, 2, 3 and 4) are still offline, but the company has managed to restart some of the smaller lateral lines between its terminals, with delivery points operational.
‘We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations,’ says the statement. ‘At this time, our primary focus continues to be the safe and efficient restoration of service to our pipeline system, while minimising disruption to our customers and all those who rely on Colonial Pipeline. We appreciate the patience and outpouring of support we have received from others throughout the industry.’
Colonial has not confirmed the source of the attack but US media widely reports that it was the work of a Russian-linked group called DarkSide. Unnamed sources from Colonial told Bloomberg that the attackers stole almost 100 GB of data on 6 May 2021, before locking the company’s computer systems and threatening to publish the data unless a ransom was paid. The New York Times reports that Colonial hired private cybersecurity company FireEye to help solve the crisis.
The pipeline carries 2.5 million bbl of gasoline, diesel and jet fuel daily, around 45% of the US east coast’s fuel needs. Much of the fuel goes into terminals for storage, and analysts do not expect any immediate disruptions to supply. Nevertheless, the US Department of Transportation’s Federal Motor Carrier Administration issued a temporary hours of service exemption for those transporting refined petroleum products to Alabama, Arkansas, District of Columbia, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas and Virginia. This allows tanker drivers in those states to work extra hours. Some analysts warn, however, that this will come nowhere near the pipeline’s capacity, so unless the problem is sorted quickly, refined products will be stranded at Texas refineries, with knock-on effects.
Investigations into the attack have begun. Colonial says that it is in contact with law enforcement and federal agencies, including the US Department of Energy (DoE), which is leading the federal government response. The US Federal Bureau of Investigation (FBI) has confirmed that it is also involved.