Following the Colonial Pipeline cybersecurity incident, the U.S. Department of Transportation (USDOT) announced Sunday that its Federal Motor Carrier Safety Administration (FMCSA) is issuing temporary hours of service exemption, applicable to those transporting gasoline, diesel, jet fuel, and other refined petroleum products to the affected customer base along the Southern and Eastern US coast. The FMCSA is also taking measures to create more flexibility for motor carriers and drivers.
The Cybersecurity and Infrastructure Agency (CISA) said in a statement that it was aware of the “ransomware incident and is engaged with Colonial and our interagency partners regarding the situation. This underscores the threat that ransomware poses to organizations regardless of size or sector,” Eric Goldstein, executive assistant director for cybersecurity at CISA, said in a statement. “We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”
“USDOT’s top priority is safety, and while current circumstances dictate providing industry flexibility, FMCSA will work closely with its state and industry partners to monitor driver work hours and conditions for the duration of the exemption,” the transport agency said in a statement on Sunday.
The ‘regional emergency declaration’ follows the unanticipated shutdown of the Colonial pipeline system due to network issues that affected the supply of gasoline, diesel, jet fuel, and other refined petroleum products throughout the states and jurisdictions of Alabama, Arkansas, District of Columbia, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas and Virginia.
The declaration is effective immediately and shall remain in effect until the end of the emergency, or until 11:59 P.M. (ET), Jun. 8, 2021, whichever is earlier. FMCSA also intends to continually review the status of the Emergency Declaration and may take action to modify or terminate the Emergency Declaration sooner if conditions warrant.
The cybersecurity incident has resulted in the disruption of Colonial Pipeline’s operations for the third continuous day, transporting about 45 percent of all fuel consumed along the U.S. East Coast, mainly the Gulf Coast. The company serves customers and markets throughout the Southern and Eastern United States through a pipeline system that spans more than 5,500 miles, transporting over 100 million gallons or 2.5 million barrels per day.
Colonial Pipeline fell victim to the cybersecurity incident last Friday, and has since been able to determine that the incident involved ransomware. The company reacted by taking certain systems offline to contain the threat, leading to a temporary halt of all pipeline operations and affected some of the company’s IT systems, which it is “actively in the process of restoring,” it said in an updated statement on Sunday.
“Maintaining the operational security of our pipeline, in addition to safely bringing our systems back online, remain our highest priorities,” Colonial said in its statement. “Over the past 48 hours, Colonial Pipeline personnel have taken additional precautionary measures to help further monitor and protect the safety and security of its pipeline.”
The Colonial Pipeline operations team is also formulating a system restart plan. “While our mainlines (Lines 1, 2, 3 and 4) remain offline, some smaller lateral lines between terminals and delivery points are now operational. We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations,” according to the company statement.
The Colonial incident is not the first cybersecurity incident to affect the nation’s critical infrastructure. Recent cybersecurity attacks, such as the SolarWinds supply chain cyber incident, Sierra Wireless ransomware attack, and Oldsmar water plant hack have intensified the urgent need to strengthen critical infrastructure. The sector is repeatedly affected by rising cybersecurity threats and attacks that lead to downtime, financial and reputational damage, apart from being vulnerable to aging infrastructure connected, either directly or indirectly, to the internet.
“The biggest problem today with critical infrastructure is that defense requires to know all the constraints of the system to prevent malfunctions for the day to day operation while attackers don’t really care about those issues and are running like an elephant in a china store breaking everything they have access to,” Rotem Bar, an OT Division Manager at BDO Israel | Cyber with SCADA Instructor, wrote in a LinkedIn post on Sunday following the Colonial cybersecurity incident.
“This attack has led to an immediate halt in oil and gas distribution across the East Coast of the United States (including multiple states and airports) and has led to an immediate decline in the futures market,” Yevgeny Dibrov, CEO at security company Armis, wrote in a blog post. “Every day, key infrastructure across the US is under attack. This is a clear case of ICS/OT being hacked, turned against their very owners, the intention, in this case, appearing to be a desire to extract ransom monies from Colonial Pipeline, in exchange for releasing control of specific OT systems.”
As IT and OT environments have “increasingly been mingled, a true air gap that once protected many OT networks has disappeared in all but the most locked-down of facilities,” Roark Pollock, chief marketing officer at Mission Secure, wrote in a company blog post.
“As seen in recent attacks on gas and oil organizations such as Pemex and Colonial Pipeline, it is justifying how attackers have gained an interest in the industry from understanding the different behaviors to how to exploit the organizations,” Michael Yehoshua, vice president global marketing at SCADAfence, wrote in a LinkedIn post on Monday. “This has resulted in oil and gas organizations needing to protect against any method of cyberattacks to ensure the global economy and civilian safety is not affected due to an attack.”