The Colonial pipeline serving most of the eastern United States with fuel and heating oil has been shut down after what is being viewed as the worst-ever cyber-attack on the country’s infrastructure.
“This is as close as you can get to the jugular of infrastructure in the United States,” Amy Myers Jaffe, research professor and managing director of the Climate Policy Lab, was quoted as saying by Reuters news agency. “It’s not a major pipeline. It’s the pipeline.”
Commerce secretary Gina Raimondo warned business will have to pay increased attention to the risk of ransomware attacks.
The Associated Press news agency reported the criminal gang DarkSide is behind the ransomware attack, noting the lack of announcement of the attack on its dark website usually indicates a victim is either negotiating or has paid.
The 5,500-mile (8,800-kilometre) pipeline transports more than 100m gallons (455m litres) a day of petrol/gasoline, diesel, jet fuel and home heating oil from refineries on the Gulf coast in Texas to New Jersey.
While operator Colonial Pipeline works on restoring the flow of fuel safely, President Joe Biden invoked emergency powers. He has relaxed regulations for tanker drivers carrying petroleum products in 17 states and the District of Columbia, allowing them to work extra or more flexible hours to help them make up for any fuel shortage while the pipeline is out of action.
“It’s an all-hands-on-deck effort right now,” Raimondo said in an interview with broadcaster CBC. “And we are working closely with the company, state and local officials to make sure that they get back up to normal operations as quickly as possible and there aren’t disruptions in supply.”
She also said: “Unfortunately, these sorts of attacks are becoming more frequent. We have to work in partnership with business to secure networks to defend ourselves against these attacks.”
Ransomware attacks are “what businesses now have to worry about” and dealing with cyber-attacks is an administration priority, she added.
Algirde Pipikaite, cyber strategy lead at the World Economic Forum’s Centre for Cybersecurity, said: “Cybersecurity vulnerabilities have become a systemic issue. Unless cybersecurity measures are embedded in a technology’s development phase, we are likely to see more frequent attacks on industrial systems like oil and gas pipelines or water treatment plants.”
Colonial said it became aware of the ransomware attack on 7 May and halted all pipeline operations to contain the threat.
The Georgia-based company is now developing a system restart plan. Though the four mainlines were offline, some smaller, lateral lines between terminals and delivery points are operational.
“We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations.
“At this time, our primary focus continues to be the safe and efficient restoration of service to our pipeline system, while minimising disruption to our customers and all those who rely on Colonial Pipeline.”
Some IT systems were also affected and the company is restoring them. It has also hired third-party cyber security experts, has launched an investigation into the incident, and is in contact with law enforcement and other government agencies.
Colonial also said: “We appreciate the patience and outpouring of support we have received from others throughout the industry.”
Oil industry analysts were reported as saying petrol prices are unlikely to be affected if the pipeline is back to normal within a few days, but Debnil Chowdhury of IHSMarkit warned they could rise if the outage extended beyond a week.
Register to receive the latest cyber securitynews and analysis straight to your inbox