Cyberattack on critical pipeline freezes deliveries to U.S. East Coast
May 8, 2021
The main fuel supply line to the U.S. East Coast was shut down on Friday after the pipeline’s operator was hit by what is believed to be the largest successful cyberattack on oil infrastructure in the country’s history.
The attack on the Colonial Pipeline, which runs 5,500 miles and provides nearly half the fuel used on the East Coast, affected some of the company’s IT systems. Colonial said it has engaged a third-party cybersecurity firm to investigate the incident, which it confirmed was a ransomware attack, and has contacted law enforcement and other federal agencies.
The attack presents a major test for how the Biden administration will respond to cyber attacks on critical infrastructure at a time when hackers are increasingly targeting essential utility services. The outage, depending on its duration and who is found to be behind it, could send fuel prices in the southeastern U.S. above $3 a gallon, market analysts said.
“This was not a minor target,” said Amy Myers Jaffe, a long-time energy researcher and author of Energy’s Digital Future. “Colonial Pipeline is ultimately the jugular of the US pipeline system. It’s the most significant, successful attack on energy infrastructure we know of in the United States. We’re lucky if there are no consequences, but it’s a definite alarm bell.”
The Cybersecurity and Infrastructure Security Agency believes that the intrusion is the work of the criminal ransomware gang known as Darkside and not a nation-state, according to a security researcher who requested anonymity to speak freely. CISA did not immediately respond to a request for comment.
Sen. Ben Sasse (R-Neb.) said the attack is the latest indication that the government isn’t ready for potentially debilitating cyber strikes.
“There’s obviously much still to learn about how this attack happened, but we can be sure of two things: This is a play that will be run again, and we’re not adequately prepared,” Sasse said in a statement. “If Congress is serious about an infrastructure package, at front and center should be the hardening of these critical sectors — rather than progressive wishlists masquerading as infrastructure.”
Fuel imports into New York Harbor should cushion the blow for drivers in Baltimore and places north, market analysts said. But if Colonial remains down past the start of this coming week, drivers could begin to hoard fuel and prices will rise dramatically even before the normal start of the summer driving season, when prices normally increase.
“Colonial delivers products to terminals every five days,” said Andy Lipow, president of consulting firm Lipow Oil Associates. “There may be some terminals that had been depending on deliveries yesterday, today or tomorrow that will be immediately affected. But on a widespread basis, in four to five days you’ll see signs of impact, especially when consumers get wind of what’s going and start filling up their cars.”
Colonial said it is working to restore its service and return to normal operations. The company said in a statement that it “proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems.”
The security researcher said the firm Colonial hired to help with the effort is FireEye, the same company that last year discovered the massive SolarWinds hack on federal government agencies and about 100 companies.
The Federal Energy Regulatory Commission said it is working with other federal agencies to monitor developments on the cyberattack. The FBI and the Department of Energy could not be immediately reached for comment.
Improving cybersecurity in the energy sector has been a key task for several federal agencies. Last month, the DOE and CISA launched an initiative to work with industrial control system operations in the electric sector to improve cybersecurity detection.
Colonial Pipeline is the largest refined products pipeline in the United States, transporting 2.5 million barrels per day, and about 45 percent of all fuel consumed on the East Coast, including gasoline, diesel, jet fuel and heating oil.
The pipeline attack could be a litmus test for the Biden administration’s overall cyber strategy, which has been slowly taking shape. So far, officials have been keen on using sanctions and indictments to respond to major events, as seen in President Joe Biden’s executive order last month in response to the SolarWinds cyber espionage campaign. And the latest development has the potential to put more pressure on the Biden administration and lawmakers as they debate adding cybersecurity funding to the administration’s $2 trillion-plus infrastructure proposal, which has been scrutinized for lacking those funds.
Last year, a crack in the pipeline that went undetected for days or weeks leaked 1.2 million gallons of gasoline in a nature preserve near Charlotte, N.C. And in February, hackers gained access to a water treatment facility’s computer system near Tampa, Florida, and attempted to raise the amount of sodium hydroxide, or lye. Russian military hackers also targeted computer systems belonging to banks, energy firms, senior government officials and airports in Ukraine in June 2017 as a part of the so-called “NotPetya” cyberattack.
The Darkside group is a relatively new player in the ransomware space, but it has quickly gained a reputation for patience, competence, sophistication and large ransoms.
“The Darkside ransomware attack campaigns stood out for their use of stealthy techniques, especially in the early stages,” according to the security firm Varonis, which investigated several Darkside breaches. “The group performed careful reconnaissance and took steps to ensure that their attack tools and techniques would evade detection on monitored devices and endpoints.
“The group has claimed that it seeks to breach large companies that can afford to pay hefty ransoms, rather than schools, hospitals and other cash-strapped but increasingly targeted organizations,” Varonis said.
Sam Sabin and Eric Geller contributed to this report.