Cyber attack shuts down U.S. fuel pipeline ‘jugular,’ Biden briefed

A hooded man holds a laptop while cyber code is projected onto him in this image captured on May 13, 2017. The leading US fuel pipeline operator Colonial Pipeline has closed its entire network after a cyber attack, the company said on Friday. REUTERS / Kacper Pempel / Illustration / File Photo

The leading US fuel pipeline operator Colonial Pipeline has shut down its entire network, which provides almost half of the fuel supply to the US east coast, after a cyber attack with ransomware.

The incident is one of the most disruptive digital ransom operations ever reported and has drawn attention to how critical the US energy infrastructure is to hackers. A lengthy shutdown would take place lead to an increase in the price of gasoline pumps before the high summer driving season.

Colonial transports 2.5 million barrels of gasoline, diesel, jet fuel and other refined products daily over 8,850 km of pipelines connecting refineries on the Gulf Coast with the eastern and southern United States. It serves some of the largest airports in the country, including Hartsfield Jackson Airport in Atlanta, the busiest in the world.

“This is as close as possible to the infrastructure in the US,” said Amy Myers Jaffe, research professor and executive director of the Climate Policy Lab. “It’s not a big pipeline. It’s the pipeline.”

Colonial said it shut down systems to contain the threat after learning of the attack on Friday. That action also temporarily ceased operations and affected some of its IT systems, the company said.

While the U.S. government’s investigation is in the early stages, a former official and two industry sources said Hackers are likely a professional cybercriminal. The former official said investigators were looking at a group known as DarkSide, known for using ransomware and blackmailing victims while avoiding targets in post-Soviet states.

Colonial and the Cybersecurity and Infrastructure Security Agency (CISA) said the incident involved the use of ransomware, a type of malware designed to lock systems down by encrypting data and demanding payment in order to regain access.

Colonial hired a cybersecurity firm to open an investigation and reached out to law enforcement and federal agencies, it said.

Cyber security company FireEye (FEYE.O) was used to respond to the attack, cybersecurity industry sources said. FireEye declined to comment.

US government agencies said they are aware of the situation. President Joe Biden was briefed on the incident Saturday morning, a White House spokesman said, adding that the government was working to help the company restore operations and prevent supply disruptions.

The Department of Energy said it was monitoring possible effects on the country’s energy supplies, while both CISA and the Transportation Security Administration told Reuters they were working on the situation.

“We are working with the company and our inter-agents on the situation. This underscores the threat ransomware poses to any organization of any size or industry,” said Eric Goldstein, executive director of cybersecurity at CISA.

Colonial did not provide any further details and did not provide how long the pipelines would be closed. The privately held Georgia-based company is owned by CDPQ Colonial Partners LP, IFM (USA) Colonial Pipeline 2 LLC, KKR-Keats Pipeline Investors LP, Koch Capital Investments Company LLC, and Shell Midstream Operating LLC.

“Cybersecurity vulnerabilities have become a systemic problem,” said Algirde Pipikaite, director of cyber strategy at the World Economic Forum’s Cybersecurity Center.

“If cybersecurity measures are not embedded in the development phase of a technology, we are likely to see attacks on industrial systems such as oil and gas pipelines or water treatment plants more frequently,” added Pipikaite.

If the system is left closed for four or five days, the market can experience intermittent failures at fuel terminals that depend on the pipeline for deliveries, said Andrew Lipow, president of consulting firm Lipow Oil Associates.

After the shutdown was first reported on Friday, gasoline futures on the New York Mercantile Exchange rose 0.6% while diesel futures rose 1.1%, both of which outperformed gains in crude oil. Gulf Coast cash prices for gasoline and diesel declined amid prospects that supplies could build up in the area.

“Every day this is becoming a bigger and bigger impact on the Gulf Coast oil refinery,” said Lipow. “Refineries would have to respond by reducing crude oil processing because they have lost part of the distribution system.”

Gulf Coast prices could continue to weaken, while New York Harbor prices could rise, one market operator said – gains that could point to an increase in northeast pumps.

The American Petroleum Institute, a leading oil industry trading group, and the American Automobile Association said they are monitoring the situation.

Kinder Morgan Inc (KMI.N) Products (SE) Pipe Line Corporation (PPL) continues to operate. PPL is currently working with customers to accommodate additional kegs during Colonial downtime. PPL can deliver approximately 720,000 bpd of fuel through its pipeline network, which originates in Louisiana and ends in the Washington, DC area.

Ben Sasse, a Republican senator from Nebraska and a member of the Senate Select Committee on Intelligence, said the cyberattack was a warning of things to come.

“This is a play that will be performed again and we are not adequately prepared,” he said. Legislators should adopt an infrastructure plan to protect the sectors against these attacks.

Colonial previously shut down its gasoline and distillate lines during Hurricane Harvey, which hit the Gulf Coast in 2017. This contributed to scarce supplies and soaring gasoline prices in the US after the hurricane shut down many Gulf refineries.

Our standards: The Thomson Reuters Trust Principles.