Cyber attack on major east coast pipeline again highlights need for better cybersecurity in U.S.
Vulnerable systems in industry, the financial sector and utilities have long been identified but companies have been slow to address national cybersecurity concerns
The Colonial Pipeline, carrying 45 percent of the vehicle and jet fuel used on the East Coast, was forced to shut down late Friday night by a cyber attack of unknown origin. Sources say it is a ransomware attack. (Photo: Meghen Rinehardt/Bloomberg News)
The Colonial Pipeline, the main conduit carrying gasoline and diesel fuel to the U.S. East Coast, said it had halted all operations after being hit with a cyberattack.
Colonial Pipeline Co. — which operates the 5,500-mile Colonial Pipeline system taking fuel from the refineries of the Gulf Coast up to the New York metro area — said it learned Friday that it was the victim of the attack and "took certain systems offline to contain the threat, which has temporarily halted all pipeline operations."
The outage isn't expected to have a significant impact on fuel markets unless the pipeline remains shut down for several days, analysts said. However, the shutdown highlights major U.S. cybersecurity concerns and again underscores the inability of heavily computer-dependent industries to consistently resist attacks from hackers or hostile international security agencies.
The cyberattack on Colonial appeared to involve ransomware, a type of code that attempts to seize computer systems and demand payment from the victim to have them unlocked, according to a person familiar with the matter. The investigation was in its early stages, the person said.
The company said it had engaged a third-party cybersecurity firm to help with the issue, which affected some of its IT systems, and had contacted federal agencies and law enforcement.
FireEye Inc., a U.S.-based cybersecurity firm, is investigating the attack, according to sources inside Colonial, though a FireEye spokesman declined to comment.
The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency, which works with critical infrastructure companies on cyber defense, did not immediately respond to requests from American Conservative Voice (ACV) to comment.
It wasn't clear whether the attack was perpetrated by a nation-state actor or criminal actor. Attributing cyberattacks is difficult and can often take months or longer.
The Colonial Pipeline is the largest refined-products pipeline in the U.S., transporting more than 100 million gallons a day, or roughly 45 percent of fuel consumed on the East Coast, according to the company's website. It delivers fuels including gasoline, diesel, jet fuel and heating oil as well as serving U.S. military facilities.
"At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation," the company said in a statement. "This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers."
Colonial spokeswoman Kelsey Tweed said the company didn't have further details to provide "at this time."
Gasoline inventories are not expected to be impacted in a major way by the Colonial Pipeline shutdown, the result of a cyberattack Friday, provided the carrier comes back online in a day or two. (Photo: Jay LePrete/Bloomberg News)
Inventories of gasoline have been readied for the summer driving season and usually get replenished every five to six days. But if the pipeline remains offline for days, shortages at terminals that receive fuel in the southeastern U.S. and Atlantic Coast markets could begin to affect retail stations and consumers, said Andy Lipow, president of consulting firm Lipow Oil Associates in Houston.
"It's similar to a hurricane event where the pipeline gets shut down, so if it's for a day or two then the impact will be mitigated," Mr. Lipow said.
Cyberattacks targeting critical infrastructure or key companies, some by suspected foreign intelligence agencies, have become a growing area of concern for U.S. national security officials. In July 2020, the U.S. government issued a cybersecurity alert to operators of critical infrastructure, outlining "immediate actions" that should be taken during a "time of heightened tensions" to avoid being compromised by a cyberattack. The alert is still in effect.
Russian hackers have been blamed by western intelligence agencies for temporarily downing parts of Ukraine's power grid this past winter. Pipelines have long been viewed as targets of opportunity for these kinds of attacks, in part because halting their operations can have an immediate impact on market prices. Russia has a vested interest in higher refined oil and fuel prices to enhance its own oil market income.
The Biden cabal last month announced punitive measures against Russia, blaming suspected Russian agents for a month-long hack of U.S. government agencies and some of America's biggest corporations. That attack involved SolarWinds Corp., a network-management software firm whose software was one of the primary entry points for the hackers. It extended beyond the software, and is described as one of the worst instances of cyber espionage in U.S. history.
The Triton attack that was directed at Saudi Arabia in 2017 was a breach of cybersecurity systems at a petrochemical plant. More recently, there have been reports that the perpetrators of that attack have been scanning the U.S. power grid for vulnerabilities. There is no indication at this time that the group responsible for Triton is responsible for the Colonial Pipeline cyber attack.
Mike Chapple, a cybersecurity expert at the University of Notre Dame and former National Security Agency official, said the Colonial Pipeline attack appeared to show the hackers were "extremely sophisticated" or that the systems were not properly secured.
"These systems shouldn't be connected to the Internet, making it very difficult for an outsider to gain control of them," Mr. Chapple said. "This pipeline shutdown sends the message that core elements of our national infrastructure continue to be vulnerable to cyberattack."