US invokes emergency powers after cyberattack on fuel pipeline
The Biden administration has invoked emergency powers as part of an “allhands-on-deck” effort to avoid fuel shortages after the worst-ever cyberattack on US infrastructure shut down a crucial pipeline supplying the east coast.
The federal transport department issued an emergency declaration on Sunday to relax regulations for drivers carrying gasoline, diesel, jet fuel and other refined petroleum products in 17 states and the District of Columbia. It lets them work extra or more flexible hours to make up for any fuel shortage related to the pipeline outage.
Commodity traders are also understood to be scrambling to secure tankers to deliver fuels by sea rather than pipeline. At least six tankers could be diverted across the Atlantic to bring gasoline from Europe to the US, according to reports. Others plan to use idle fuel tankers as temporary, floating gasoline storage in the Gulf of Mexico in case the outage is prolonged and threatens to drive fuel prices higher.
Experts said on Sunday that gasoline prices were unlikely to be affected if the pipeline was back to normal in the next few days but that the incident should serve as a wake-up call to companies about the vulnerabilities they face.
The pipeline, operated by Georgiabased Colonial Pipeline, carries about 2.5m barrels of gasoline and other fuel from Texas to the north-east a day. It delivers roughly 45% of fuel consumed on the east coast, according to the company.
It was hit by what Colonial called a ransomware attack, in which hackers typically lock up computer systems by encrypting data, paralysing networks, and then demand a large ransom to unscramble it.
On Sunday, Colonial Pipeline said it was actively in the process of restoring some of its IT systems. It said it remained in contact with law enforcement and other federal agencies, including the energy department, which is leading the federal government response. The company has not said what was demanded or who made the demand.
However, two people close to the investigation, speaking on condition of anonymity, identified the culprit as DarkSide, which is one of the ransomware gangs in a criminal industry that has cost western nations tens of billions of dollars in the past three years.
DarkSide claims that it does not attack hospitals and nursing homes, educational or government targets, and that it donates a portion of its take to charity. It has been active since August and, typical of the most potent ransomware gangs, is known to avoid targeting organisations in former Soviet bloc nations.
Colonial did not say whether it has paid or was negotiating a ransom, and DarkSide did not announce the attack on its dark website. The lack of acknowledgment usually indicates a victim is either negotiating or has paid.
On Sunday, Colonial Pipeline said it was developing a “system restart” plan. It said its main pipeline remained offline but some smaller lines were operational.
“We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations,” the company said.
Colonial transports gasoline, diesel, jet fuel and home heating oil from refineries on the Gulf coast through pipelines running from Texas to New Jersey. Its pipeline system spans more than 5,500 miles (8,850km), transporting more than 100m gallons (380m litres) a day.
Debnil Chowdhury, at the research firm IHSMarkit, said if the outage stretched to one to three weeks, gas prices could begin to rise. “I wouldn’t be surprised, if this ends up being an outage of that magnitude, if we see 15 to 20-cent rise in gas prices over next week or two,” he said.
Goldman Sachs, one of the world’s biggest oil traders, warned that future attacks on key US fuel pipelines could be “far more disruptive” for consumers. Demand for fuels is currently lower than usual due to the ongoing impact of the Covid-19 pandemic, and fuel storage facilities are well stocked. But when travel restrictions begin to lift during the busy summer driving season, the US will be more vulnerable to sharp fuel price spikes, according to the US bank.
Gina Raimondo, the commerce secretary, said on Sunday that ransomware attacks were “what businesses now have to worry about”, and that she would work “very vigorously” with homeland security officials to address
the problem, calling it a top priority for the administration.
“Unfortunately, these sorts of attacks are becoming more frequent,” she said on CBS’s Face the Nation. “We have to work in partnership with business to secure networks to defend ourselves against these attacks.”
She said the president, Joe Biden, had been briefed on the attack.
“It’s an all-hands-on-deck effort right now,” Raimondo said. “And we are working closely with the company, state and local officials to make sure that they get back up to normal operations as quickly as possible and there aren’t disruptions in supply.”A source close to the Colonial investigation said the attackers also stole data from the company. Sometimes stolen data is more valuable to ransomware criminals than the leverage they gain by crippling a network, because some victims are unwilling to see sensitive information dumped online.
Ed Amoroso, the boss of the security firm TAG Cyber, said Colonial was lucky its attacker was at least ostensibly motivated only by profit, not geopolitics. State-backed hackers bent on more serious destruction use the same intrusion methods as ransomware gangs.
“For companies vulnerable to ransomware, it’s a bad sign because they are probably more vulnerable to more serious attacks,” he said. Russian cyber-attackers, for example, crippled the electrical grid in Ukraine during the winters of 2015 and 2016.
In the US, attacks have forced delays in cancer treatment at hospitals, interrupted schooling and paralysed police and city governments. Tulsa this week became the 32nd state or local government in the US to come under ransomware attack, said Brett Callow, a threat analyst with the cybersecurity firm Emsisoft.