Major US fuel pipeline, Colonial Pipeline, suffers disruption, following cybersecurity attack

Colonial Pipeline

Updated: May 16, 2021

According to the company’s official Twitter account, Colonial Pipeline has resumed normal operations following the devastating ransomware attack that shut down the largest fuel pipeline in the U.S. The flow of fuel had been improving by Saturday; however, there were still many gas stations without enough fuel. The worst of the shortages took place on Thursday night. By Friday, Energy Secretary Jennifer Granholm told The Associated Press that the country was “over the hump” and things would start improving. “It’s still going to work its way through the system over the next few days, but we should be back to normal fairly soon,” she said. “The good news is that … gas station outages are down about 12% from the peak” as of Friday afternoon, with about 200 stations returning to service every hour, she said.

May 8, 2021 – The Colonial Pipeline announced Friday that it had fallen victim to a cybersecurity attack, critically affecting its operations that transport about 45 percent of all fuel consumed on the U.S. East Coast, providing refined products to more than 50 million Americans.

“In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems,” Colonial said in a media statement. “Upon learning of the issue, a leading, third-party cybersecurity firm was engaged, and they have already launched an investigation into the nature and scope of this incident, which is ongoing. We have contacted law enforcement and other federal agencies,” it added. 

While Colonial Pipeline provided no details of the nature of the cyberattack, or the extent of damage caused, two U.S. officials familiar with the matter have told The Washington Post that a ransomware attack caused the fuel pipeline operator to shut down its entire network on Friday. Allan Liska, senior threat analyst at cybersecurity firm Recorded Future, told Bloomberg that the attackers appear to have used a ransomware group called DarkSide to carry out the attack. 

“There are absolutely cases in industrial operations where ransomware impacts operations,” Robert M. Lee, CEO and co-founder of industrial cybersecurity firm Dragos, told The Post. “Oftentimes, though, that impact isn’t the impact that gets news media attention. They may not be to the level that this case is, but there are lots of industrial control companies that are battling ransomware around the United States.”

Colonial Pipeline connects refineries – primarily located along the Gulf Coast – with customers and markets throughout the Southern and Eastern United States through a pipeline system that spans more than 5,500 miles, transporting over 100 million gallons or 2.5 million barrels per day.

U.S. officials have been working to address the growing challenges in the critical infrastructure sector. The National Security Agency (NSA) recently released guidelines and an evaluation methodology to improve operational technologies (OT) and control systems cybersecurity. The advisory was developed for National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) OT owners and operators. It also provides details on how to evaluate risks to systems and improve the security of connections between OT and enterprise networks.

Earlier this year, unidentified cyber attackers were able to get access to a panel that controls the water treatment plant at the city of Oldsmar near Tampa, Florida. This modification in the setting would have drastically increased the amount of sodium hydroxide in the water supply, 

Safety was a priority at Colonial Pipeline, and the company had an extensive program to monitor, maintain, and promote operational excellence, it claims. “This includes things like aerial and foot patrols of the right-of-way, 24/7 control centers, a public awareness program to prevent damage, and most notably our integrity management program, which allows us to inspect pipelines from the inside out using sophisticated tools and technology,” according to a company FAQ.

Colonial Pipeline is taking steps to understand and resolve the issue, it said in its Friday statement. “At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline,” it added.
