Cyberattack on Pipeline Raises Energy Infrastructure Security Concerns

Colonial Pipeline shuttered its East Coast fuel pipeline system as data were hacked and held for ransom.

The FBI has traced the Colonial Pipeline hack to a Russian outfit called DarkSide.

A profit-motivated cyberattack forced the nation’s top midstream fuel transporter Colonial Pipeline to halt gasoline flow from Texas to the East Coast and prompted lawmakers to call for an overhaul of security protections for the nation’s energy infrastructure. The White House is working with Colonial to identify and minimize the damage from the ransomware attack first detected on 7 May. The operator is in the process of restoring services on its 5,500-mile pipeline network halted by the hack. The system moves about 2.5 million B/D of gasoline.

US Commerce Secretary Gina Raimondo told the television news program “Face The Nation” on 8 May that the pipeline fix was a top priority for the Biden administration and Washington was working to avoid additional fuel supply disruptions. Colonial’s main lines remain idle, but the company has restored some smaller lateral lines between terminals and delivery points.

“The crippling of this critical energy infrastructure and near-term financial impact for Colonial and its parent, Colonial Enterprises Inc., will primarily depend on how long the pipeline is kept offline, which remains uncertain,” said Arvinder Saluja, vice-president/senior analyst at Moody’s. “Longer term, Colonial’s system and other important US energy infrastructure assets will likely face heightened regulatory scrutiny which could result in a need to increase their investments in cybersecurity.”

After learning of the attack, Colonial engaged third-party cybersecurity experts and launched an investigation into the nature and scope of this incident. The company has remained in contact with law enforcement and other federal agencies, including the Department of Energy, which is leading the federal government response.

“While this situation remains fluid and continues to evolve, the Colonial operations team is executing a plan that involves an incremental process that will facilitate a return to service in a phased approach,” the company said in a 10 May statement. “This plan is based on a number of factors with safety and compliance driving our operational decisions, and the goal of substantially restoring operational service by the end of the week. The company will provide updates as restoration efforts progress.”

A prolonged outage of the system could significantly impact regional fuel supplies in areas like the southeastern US. The system also services a number of airports along its route, including Atlanta’s Hartsfield Jackson Airport—one of the busiest in the nation.

The FBI confirmed that a Russian cybercrime outfit referred to as DarkSide was behind the attack. DarkSide makes money by hacking a network, encrypting some of its files so they can’t be accessed, and threatening to publish them online if a hefty ransom isn’t paid.

The Colonial hack is the latest in the growing number of cyberattacks focused on profit. Ransomware attacks have been made on hospitals, law enforcement, and, increasingly, industry.

“The implication for this, for our national security, cannot be overstated,” said US Senator Bill Cassidy, a Republican from Louisiana who sits on the Energy Committee, on NBC’s Meet The Press news program. “And I promise you, this is something that Republicans and Democrats can work together on.”
