Cyberattack exposes weaknesses
Acyberattack that knocked out the main oil pipeline supplying the U.S. Eastern Seaboard comes days before a state-imposed deadline to shut a major Canadian conduit that could send prices soaring for consumers, highlighting the fragility of North America's energy infrastructure.
“These recent events completely lift the hood on how vulnerable infrastructure is to attack now,” said Michael Tran, energy strategist at RBC Capital Markets in New York, adding the attack on the Colonial Pipeline Co. “was not just any pipeline” but “the key artery” supplying the most populated parts of the United States.
A ransomware attack Friday on the Colonial Pipeline, which ships gasoline, diesel and jet fuel from U.S. Gulf Coast refineries to consumers in 14 states on the East Coast, has forced the largest conduit of refined products in the U.S. to go offline. In a statement on Monday, Colonial said it expects to “substantially” restore operational service by the end of the week.
The outage on the Colonial Pipeline could be exacerbated by a Michigan state order forcing Enbridge Inc.'s Line 5 pipeline — supplying oil to Michigan, Ohio, Ontario and Pennsylvania refineries — to shut down on Wednesday, which could further strain U.S. oil supply. Calgary-based Enbridge has vowed to defy the order and continue shipping oil through the line until forced to close by a court. Analysts believe shutting down Line 5 could cause higher fuel and propane prices in affected areas in the U.S. Midwest and Central Canada, as well as potentially thousands of layoffs.
Still, the potential for two major pipelines being shut down in the same week shows the stretched energy supply system in North America is increasingly vulnerable to outages, Tran said.
“At a minimum, you're going to leave U.S. consumers, large swaths of the U.S. population, paying significantly more for fuel costs. Worst-case scenario, you're essentially leaving widespread refined product shortages across some of the most highly populated pockets of the United States, being parts of the Midwest and the U.S. Northeast,” Tran said. “One is subject to a cyber attack, the other is potentially subject to a politically charged, self-inflicted wound.”
The Colonial Pipeline moves refined products such as gasoline and diesel from refineries in Texas and Louisiana to supply 14 states in the U.S. East Coast. It moves 2.5 million barrels of oil products per day to North and South Carolina before shipping 900,000 bpd to New York and neighbouring areas.
“The importance of Colonial cannot be underplayed given that it is one of the few major sources of oil products deliverable into the refinery-challenged East Coast (the line services 14 states). Due to poor refinery economics, regional units have shut over recent years, leaving the U.S. Northeast as the least independent and energy secure district in the country,” Tran said in a note to clients Monday.
Analysts believe the outage could send gasoline prices in the affected U.S. areas to more than US$3 per gallon and potentially result in fuel shortages.
U.S. West Texas Intermediate remained at an elevated level for much of the day, but closed just 0.1 per cent higher to US$65 per barrel after suggestions that the crisis could be shortlived.
A top White House national security official said the U.S. intelligence community is working to determine whether the hackers of the Colonial Pipeline have ties to the Russian government. The FBI has accused DarkSide, a group of cyberhackers, of a digital extortion attempt, but the group said it was `apolitical' and its “goal is to make money, and not creating problems for society.”
Regardless of the motives, analysts think the hack marks a new era of security risk for oil markets.
“We are now seeing a first major cyber security-related oil market disruption in the cyberattack on the Colonial oil pipeline,” Citigroup analysts wrote in a Monday research note. The Wall Street bank added that cyber attacks are now considered a risk factor for oil markets, including geopolitics, climate change and weather events.
“Though the pipeline
THE IMPORTANCE OF COLONIAL CANNOT BE UNDERPLAYED
could be restarted soon, this highlights a new source of supply risk for oil,” the analysts wrote, adding the event could also usher in “geopolitical second-order impacts” as government officials in the U.S. may need to change laws in order to pull crude into major cities from South Carolina to New York.
Canada's two largest pipeline companies, which also operate massive pipeline networks in the U.S., said they were monitoring the Colonial pipeline outage that had now stretched into its fourth day.
“We are aware of the incident, and that cyber attacks are of concern for all businesses these days,” Enbridge Inc. spokesperson Tracie Kenyon said in an emailed statement, adding her company's facilities are operating normally. “It is why Enbridge has invested significantly in cybersecurity through the years, test our systems frequently and monitor constantly.”
Similarly, TC Energy Inc. which runs natural gas and oil pipelines across North America, said it regularly practises its security systems for potential attacks.
“Cyber safety is a priority across our organization as part of our commitment to our No. 1 value of safety,” TC Energy Corp. said in an emailed statement. “TC Energy has a well-developed cybersecurity program which we continue to advance and innovate to protect our data, systems and assets. We closely monitor our environments for anything suspicious and regularly plan, practise and prepare for potential scenarios.”
Experts say pipeline companies across North America as well as utility companies are likely to boost spending on cybersecurity measures in the coming months following the Colonial Pipeline outage.
Generally, when a high-profile company in one industry is successfully hit by a cyberattack, other companies within the sector boost the security of their networks in the months that follow, said retired U.S. Col. Barry Hensley, chief threat intelligence officer at Atlanta-based cybersecurity firm Secureworks Inc.
“Just like the organizations that are out there today that are all evolving their cybersecurity programs, it's just as important to know that threat actors are evolving their campaigns as well,” said Hensley, who was the former director of the U.S. Army's Global Network Operations and Security Centre.
“There's just as much innovation being put in on the threat actor side as there is on the defender side.”