Cyberattack Shuts Down America's Most Important Energy Pipeline

Tank farm operated by the Colonial Pipeline network (Colonial Pipeline)

Published May 9, 2021 5:54 PM by The Maritime Executive

One of America's most important energy pipelines shut down on Friday after a cyberattack crippled its computer systems, according to the operator. The Colonial Pipeline stretches all the way from Texas to New Jersey, and it distributes vital supplies of petroleum products like diesel, gasoline and jet fuel to every state in between. It carries about 2.5 million barrels of product per day - about half of the fuel supply for the East Coast - and if it remains shuttered for an extended period, traders and refiners will have to turn to tank and barge transportation instead. 

According to Colonial Pipeline, the incident is a ransomware attack, and the company has taken "certain systems offline to contain the threat, which has temporarily halted all pipeline operations." Its IT systems are also affected. 

Colonial Pipeline system map (Colonial Pipeline)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is involved in investigating the attack and is helping Colonial to restore its operations, along with the cybersecurity consulting company FireEye. Given the critical importance of the pipeline for America's energy security and economy, President Joe Biden has been briefed. 

The incident is being treated as a criminal ransomware attack rather than an act of state-sponsored disruption, according to The New York Times. Anonymously sourced media reports point to the ransomware-as-a-service group DarkSide. According to security consultancy Cybereason, DarkSide is known for encrypting, locking, and then publicly releasing the target's data if a ransom is not paid.

"DarkSide is observed being used against targets in English-speaking countries, and appears to avoid targets in countries associated with former Soviet Bloc nations," noted Cybereason. "The ransom demand ranges between US$200,000 to $2,000,000, and according to their website, the group has published stolen data from more than 40 victims, which is estimated to be just a fraction of the overall number of victims."

The knock-on effects could be significant, including fuel shortages and rising prices along the Eastern Seaboard and reduced refining runs on the U.S. Gulf Coast. These effects were seen during the last Colonial Pipeline shutdown in 2017, when the operator temporarily paused operations as a precautionary measure during Hurricane Harvey. 

It would not be the first ransomware attack on America's pipeline network: CISA reported a similar cyber breach and shutdown at an unnamed natural gas compression station last year. However, it is far greater in scale and potential impact, according to cybersecurity experts. "It’s the most significant, successful attack on energy infrastructure we know of in the United States," said Amy Myers Jaffe, researcher and author of Energy's Digital Future, speaking to Reuters. "We're lucky if there are no consequences, but it's a definite alarm bell."