U.S. Pipeline has Officially Reopened Post-ransomware, but how has the Shutdown Affected the Industry?

May 18, 2021 by Nancy Chenyizhi Liu

In response to the cybersecurity attack on its computer systems, Colonial Pipeline temporarily halted all pipeline operations for six days.

After a six-day shutdown, Colonial Pipeline has started to resume pipeline operations, but it will take several days for service to be fully restored. This ransomware attack was not the first cyber threat America’s oil and gas industry has faced. Federal officials and security experts have warned that the aging and vulnerable energy infrastructure is a big target for cybercrime.


Digital Transformation at Colonial Pipeline

As the largest U.S. refined products pipeline operator, Colonial Pipeline's network transports around 100 million gallons per day of gasoline, diesel, and other fuel products, with pipelines stretching 5,500 miles from the Gulf Coast to the eastern and southern states. It carries 45% of the East Coast’s fuel supply and provides jet fuel to Atlanta and Baltimore airports.


Colonial Pipeline’s system map.  Image used courtesy of Colonial Pipeline


Colonial’s digital transformation is underway, moving from a mechanical environment toward increasing automation and the latest technologies. According to its website, Colonial is modernizing the control system to better maintain its 280+ facilities. To improve safety and efficiency, Colonial operators use computerized technology to constantly monitor, control, and adjust pipeline pressure, pump status, and valve positions.


Ransomware Attack led to Main Pipeline Shutdown

On May 7, Colonial Pipeline reported a cybersecurity incident involving ransomware. Working with federal agencies and third-party cybersecurity firms, Colonial acted proactively to contain the threat by taking key servers offline, which temporarily shut down pipeline operations and affected some of its IT systems. Since then, Colonial has been in the process of safely restoring service and bringing the systems back online.


Colonial Pipeline is the largest U.S. refined products pipeline operator.  Image used courtesy of Colonial Pipeline


A ransomware attack typically involves a criminal group holding stolen information and data hostage and demanding that the victim pay a ransom. As reported by CNN and the Wall Street Journal, the cyberattacks against Colonial appeared to be limited to information systems, and the control system has not been compromised. The Colonial spokesperson stated that there is no evidence so far that the attackers penetrated the vital operational technology (OT) systems.


Societal Impact and System Restart

According to a Reuters report, in the wake of the pipeline shutdown, around half or more of the gas stations in several southeastern states, including North Carolina, South Carolina, Virginia, and Georgia, had outages. In some cases, motorists’ panic buying caused the stations to run short on fuel. The average national gasoline price rose above 3 USD per gallon, its highest level since October 2014.

While the pipeline system was offline, Colonial manually delivered existing inventories to the hard-hit markets. On the evening of May 12, the company announced that it had initiated the restart of pipeline operations. In an update on May 13, Colonial reported that the whole pipeline system was operational and that product was again being delivered to all the markets it serves. Still, it will take days for the product delivery supply chain to fully resume.


Colonial restarted the pipeline system.  Image used courtesy of Colonial Pipeline


Energy Secretary Jennifer Granholm wrote on Twitter that as Colonial is resuming full operations, things will return to normal within days.


A “Wakeup Call” for the Industry

The World Economic Forum estimated that the cyberattack on the Colonial Pipeline could become one of the most expensive attacks on an economy. The digitalization of the energy, oil, gas, and other utilities sectors drives growth and energy savings while changing the nature of cyber risks.

Transportation Secretary Pete Buttigieg warned that it is a “wakeup call” for the country’s cybersecurity defense. The Wall Street Journal reported that in the U.S., many control systems for pipelines, refineries, and power plants use protocols that predate the internet and are vulnerable to sophisticated cyberattacks.

To improve the cybersecurity of critical infrastructure, the World Economic Forum suggested creating a comprehensive management model for cybersecurity; preparing and implementing risk management and defense mechanisms at each stage of prevention, monitoring, response, and recovery; and establishing international public-private collaborations.
