Colonial Pipeline, the largest U.S. fuel pipeline company, is working to resume operations after a cyberattack, the company said in a statement Friday (May 7), as it works to restore operations at Colonial Pipeline, a major pipeline for gasoline and diesel fuel on the U.S. East Coast.
Colonial, which operates the largest gasoline and diesel pipeline system in the United States, has hired a third-party cybersecurity firm to investigate the hack and has also contacted U.S. law enforcement and other federal agencies. The company said in a statement Friday night that it is taking steps to try to minimize the impact of the outage on customers.
Colonial Pipeline, which operates the 5,500-mile Colonial Pipeline system, is the largest pipeline for refined products in the United States, transporting more than 100 million gallons of fuel products per day and accounting for about 45 percent of fuel consumption on the East Coast, according to the company’s website. It provides fuels including gasoline, diesel, jet fuel and heating oil, and serves U.S. military installations.
Colonial’s pipeline network can transport 2.5 million barrels per day of refined refined product from the Gulf Coast to Linden, N.J. It supplies gasoline, diesel and jet fuel to fuel distributors and airports from Houston to New York.
All pipeline operations are currently suspended to contain the threat. Analysts say the temporary disruption is not expected to have a significant impact on the fuel market unless the pipeline remains closed for several days.
Fox News reported that people familiar with the matter said the cyberattack on Colonial appears to involve ransomware, a code that attempts to seize computer systems and demands payment from victims to unlock their computers. The person familiar with the matter said the investigation is still in its early stages.
FireEye Inc., a U.S.-based cybersecurity company, is investigating the attack, said the person familiar with the matter. a FireEye spokesman declined to comment.
It is unclear whether the cyberattack was state-led or the work of an independent hacking group. It can often take months or even longer to clear up an investigation.
“At this time, our primary focus is on security, effective restoration of our services and efforts to restore normal operations,” the company said in a statement. “This process is already underway and we are working to resolve the issue with minimal disruption to our customers.”
Company spokeswoman Kelsey Tweed said, “At this time, the Company does not have additional details to provide.”
Gasoline stocks are ready for the summer driving season and are typically replenished every five to six days. But if pipelines remain offline for days on end, supply shortages at the pump in the southeastern U.S. and Atlantic Coast markets will begin to affect retail stations and consumers, Andy Lipow, president of Houston consulting firm Lipow Oil Associates, told Fox.
Lipow said, “This is similar to a hurricane event causing a pipeline shutdown, so if it lasts a day or two, its impact will be mitigated.”
Threats to U.S. critical infrastructure from hackers, some of them suspected foreign government actors, have been growing, prompting the White House to develop a plan to improve the security of utilities and their suppliers. The first step in the effort will address security vulnerabilities in the power grid, followed by other sectors such as natural gas pipelines and water utilities.
Mike Chapple, a cybersecurity expert at the University of Notre Dame and former National Security Agency official, told Fox that the cyberattack on Colonial Pipeline appears to indicate that the hack was “extremely sophisticated” or that the system was not properly protected.
Chapple said, “These systems should not be connected to the Internet and (going) offline would make it very difficult for outsiders to control them.”
“This pipeline shutdown sends the message that core elements of our national infrastructure remain vulnerable to cyber attacks,” he said. He said.
Recent Comments