Cyberattack forces shutdown of top U.S. fuel pipeline
Company says incident is unlikely to cause immediate disruptions
One of the largest pipelines in the United States, which carries refined gasoline and jet fuel up the East Coast from Texas to New York, was forced to shut down after being hit by a ransomware attack in what appeared to be a significant attempt to disrupt vulnerable energy infrastructure.
The operator of the system, Colonial Pipeline, said in a statement late Friday it had shut down its 5,500 miles of pipeline, which it says carries 45 percent of the East Coast’s fuel supplies, in an effort to contain the breach on its computer networks. Earlier Friday, there were disruptions along the pipeline, but it was unclear whether that was a direct result of the attack or the company’s moves to proactively halt it.
Colonial Pipeline indicated Saturday afternoon its systems were hit by ransomware, in which hackers hold a victim’s data hostage until it pays a ransom, but it did not say when normal operations would resume. Still, the shutdown of such a vital pipeline, one that has been serving the East Coast since the early 1960s, highlights the huge vulnerability of aging infrastructure that has been connected, directly or indirectly, to the internet.
In coming weeks the administration is expected to issue an executive order to bolster security of federal and private systems, after two major attacks from Russia and China in recent months caught U.S. intelligence agencies and companies by surprise.
Colonial’s pipeline transports 2.5 million barrels each day, taking refined gasoline, diesel fuel and jet fuel from the Gulf Coast up to New York Harbor and New York’s major airports. Most of that goes into major storage tanks, and with energy use depressed by the coronavirus pandemic, the attack was unlikely to cause any immediate disruptions. The company said it learned Friday that it “was the victim of a cybersecurity attack” and in an updated statement Saturday that it determined that the “incident involves ransomware.”
“Colonial Pipeline is taking steps to understand and resolve the issue,” the company said. “Our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway.”
It said it had contacted law enforcement and other federal agencies. The FBI leads such investigations, but critical infrastructure is the responsibility of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. An administration official said that an investigation into the episode was in the very early stages and that it was unclear whether the attacker was a nation or a criminal group.
Attacks on critical infrastructure have accelerated in recent months after two breaches — the SolarWinds intrusion by Russia’s main intelligence service and another against some types of Microsoft-designed systems that has been attributed to Chinese hackers — underscored the vulnerability of the networks on which the government and corporations rely.
For that reason, understanding how the pipeline attack unfolded — and the motivations of those behind it — will become the focus of federal investigators and the White House, which has elevated cybervulnerabilities to the top of its national security agenda. As a privately held company, Colonial is under less pressure than a public company might be to reveal details. But its statement left unclear whether the attack was directed at the industrial controls that are used to manage the pipeline, or whether it was a ransomware attack that stole or froze data on Colonial’s computer systems.