A major oil pipeline that transports more than 100 million gallons of fuel per day from Houston to Linden, New Jersey, has been shut down following a cyberattack on the corporation that owns it.
Colonial Pipeline, which claims to carry 45% of the fuel supply on the East Coast, shut down its entire pipeline network and some of its IT networks on Friday.
“Upon learning of the issue, a leading, third-party cybersecurity firm was engaged, and they have already launched an investigation into the nature and scope of this incident, which is ongoing,” the company stated.
“We have contacted law enforcement and other federal agencies.”
The assault on the Colonial Pipeline, which runs 5,500 miles and supplies nearly half of the oil, diesel, and jet fuel used on the East Coast, hit some of the company’s business-side computer systems first, rather than the systems that control the pipelines directly. The Georgia-based company said the pipelines were shut down as a precaution and that it had hired a third-party cybersecurity firm to look into the incident, which it confirmed was a ransomware attack. The shutdown was first announced late Friday, and the company said it had contacted law enforcement and other government agencies.
Colonial Pipeline, located in Alpharetta, Georgia, said that restoring service is its top priority, and that the “process is already underway.” There was no indication of when the pipeline would be operational again. However, it gave no details about what happened, who carried out the attack, what their motives were, or whether the attack caused any additional problems.
A White House spokesperson said Biden was briefed on the incident Saturday morning and that the government “is working actively to assess the implications of this incident, avoid disruption to supply, and help the company restore pipeline operations as quickly as possible.”
Amy Myers Jaffe, a long-time energy researcher and author of Energy’s Digital Future, said “This was not a minor target,” she coutinued “Colonial Pipeline is ultimately the jugular of the U.S. pipeline system. It’s the most significant, successful attack on energy infrastructure we know of in the United States. We’re lucky if there are no consequences, but it’s a definite alarm bell.”
According to a security researcher, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency claims the attack is the work of the criminal ransomware group known as Darkside, not a nation-state.
“We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats,” said Eric Goldstein, the agency’s executive assistant director for cybersecurity.
During Hurricane Harvey in 2017, Colonial shut down large parts of its pipelines, according to CNBC. Gasoline and diesel prices soared to multi-year highs during that period.