On May 8th, one of the top American pipeline operators, Colonial Pipeline, announced that it was forced to shut down its entire network following a hacking attack that crippled computer infrastructure. Colonial transports almost 2.5 million barrels per day of jet fuel, diesel, gasoline, and other refined products from the Gulf Coast to the southern and eastern United States through pipelines spanning 5,500 miles, supplying almost 50 percent of the entire east coast.
The ransomware attack was conducted by a cybercrime gang named DarkSide. “The move was part of a double-extortion scheme that is one of the group’s hallmarks. Colonial was threatened that the stolen data would be leaked to the internet while the information that was encrypted by the hackers on computers inside the network would remain locked unless it paid a ransom,” reported Bloomberg.
The hackers began attacking the pipeline last Thursday and stole almost 100 gigabytes of data in just two hours. They then locked down the company’s computers using ransomware and demanded an unknown amount of payments. Cybersecurity firm FireEye has been enlisted to deal with the attack.
According to an update posted by Colonial on its website on May 9, the operations team is developing a system restart plan. Some of the “smaller lateral lines between delivery points and terminals” are now operational. However, the mainlines, named Line 1, 2, 3, and 4, continue to remain offline. The company will only bring the system back to normal when it is “safe to do so” and in compliance with federal regulations.
Extended downtime may lead to gas price surge
While fuel pump prices have remained relatively stable, the situation could easily change if the pipeline shutdown continues longer than expected. Gaurav Sharma, an oil market analyst, expects that the first areas to be impacted will be Tennessee and Atlanta, after which a domino effect will end up hitting New York as well.
Andrew Lipow, president of consultancy Lipow Oil Associates, warned that if the system remains shut down for four or five days, there will be sporadic outages at fuel terminals that depend on the pipeline network for oil supplies. According to the AAA Gas Prices website, the national average pump price for regular gas is currently at $2.967 per gallon, up from $2.904 per gallon a week ago. Experts predict the prices to exceed $3 per gallon soon, which last occurred in Oct. 2014.
Cybersecurity firm Digital Shadows believes that the Colonial cyber-attack occurred largely because of vulnerabilities due to pipeline engineers working remotely from home during the pandemic. “We’re seeing a lot of victims now, this is seriously a big problem now… The amount of small businesses that are falling victim to this – it’s becoming a big problem for the economy globally,” Digital Shadows co-founder James Chappell told BBC.
Rising ransom demands
Ed Amoroso, CEO of TAG Cyber, said in an AP report that Colonial is lucky that the hackers were only motivated by profits and not geopolitics. In recent years, the number of cyberattacks on America’s critical infrastructure has risen. Last year, the average ransom paid in the U.S. to ransomware attackers spiked threefold to over $310,000. The average downtime for victims was 21 days, according to ransomware recovery experts at Coveware.
Washington has passed emergency legislation following the Colonial attack to relax fuel transport regulations. Drivers from 17 states are now granted “temporary hours of service exemption” while transporting refined petroleum products.
In an interview with NBC’s “Meet the Press,” Republican Senator Bill Cassidy stated that the Colonial ransomware attack highlighted the need to help American companies safeguard against cyberattacks. “Congress has attempted to fix that. There’s been problems in the past with sharing classified information with private entities. And Congress has passed a law to fix that,” he said in the interview.
“But it’s going to take an ongoing relationship. By the way, a bipartisan relationship, in which we better equip small businesses and large businesses to withstand cyber attacks… The implications for this, for our national security, cannot be overstated. And I promise you, this is something that Republicans and Democrats can work together on,” he said.