May 12, 2021
The largest gasoline pipeline in America is returning to service, recovering from a cyberattack late Friday that raised pump prices and choked fuel supplies across the Eastern U.S.
By William Turton and Michael Jeffers~ BLOOMBERG REPORT ~
The Colonial Pipeline — a critical source of gasoline and diesel for the New York area and the rest of the East Coast — was being restarted around 5 p.m. Eastern time, the operating company said in a statement. The Alpharetta, Georgia-based company said over the weekend it was forced to take systems offline on May 7 in response to a ransomware attack.
The news comes as gasoline stations are running dry from Florida to Virginia. In parts of the U.S. South, three in every four gas stations had no fuel as of Wednesday, while in Washington, D.C., cars were lining up for blocks as they waited to fill up. U.S. pump prices have topped $3 a gallon for the first time in six years. Colonial each day normally ships about 2.5 million barrels (105 million gallons), an amount that exceeds the entire oil consumption of Germany.
The disruption underscores just how vulnerable America’s fuel supply system has become in the wake of increased attacks on energy infrastructure by hackers over the past few years.
Colonial is only the latest example of critical infrastructure being targeted by ransomware. Hackers are increasingly attempting to infiltrate essential services such as electric grids and hospitals. The escalating threats prompted the White House to respond last month with a plan to increase security at utilities and their suppliers. Pipelines are a specific concern because of the central role they play in the U.S. economy.
The Colonial Pipeline route along the U.S. eastern seaboard.
Source: Colonial Pipeline
The attack on Colonial also came just as the nation’s energy industry is preparing for summer travel and as fuel demand rebounds from pandemic-related lockdowns. It was reminiscent of a 2018 cyberattack that brought down a third-party communications system used by several natural gas pipelines operators across the U.S. That hack didn’t halt actual gas flows, but it delayed utility billing and made it challenging for traders to forecast supplies.
Shortly before the Colonial announcement, President Joe Biden said he was expecting good news on the situation and touted the steps he had taken to relieve supply disruptions.
The White House announced several measures to blunt the growing crisis, including waiving some gasoline requirements and empowering 10 states to allow heavier-than-normal truck loads of fuels. It is also taking initial steps toward possibly allowing foreign tankers to transport gasoline and diesel to East Coast ports.
In Washington, lawmakers were scheduled to receive a briefing from administration officials Wednesday evening.
Biden said the attack demonstrated the need for U.S. investments in education to improve the nation’s cyber defenses. He’s proposed some $4 trillion in spending on infrastructure, social welfare and education programs.
“We need a significantly larger number of experts in the area of cyber security working for private companies, as well as private companies being willing to share data as to how they’re protecting themselves,” he said. “I think that’s part of the long-term answer, not just in terms of energy but across the board.”
This isn’t the first time Colonial has been forced to shut down. In 2016, an explosion kept the system offline for days, raising gasoline prices and forcing the New York Harbor market to become more dependent on imports of fuel from overseas.
Colonial has the capacity to ship about 2.5 million barrels a day on its system stretching from Houston to North Carolina and another 900,000 barrels a day to New York.
Ransomware cases involve hackers seeding networks with malicious software that encrypts the data and leaves the machines locked until the victims pay the extortion fee, which can range from a few hundred dollars to millions of dollars in cryptocurrency. Utilities’ information technology networks, which run email and other routine functions, and operational technology networks, which control the actual functioning of the delivery of electricity or natural gas, are typically kept mostly separate, which is what made Colonial’s decision to temporarily shut down both so unusual.
— With assistance by Jennifer A Dlouhy
(Adds comment from Biden starting in eighth paragraph)