The ransomware attack that forced the closure of the largest U.S. fuel pipeline this weekend showed how cyber criminals pose a far-reaching threat to the aging, vulnerable infrastructure that keeps the nation’s energy moving. Colonial Pipeline Co. closed its entire 5,500-mile conduit carrying gasoline and other fuels from the Gulf Coast to the New York metro area Friday as it moved to contain an assault that involved ransomware, code that holds computer systems hostage. So far, no evidence has emerged that the attackers penetrated the vital control systems that run the pipeline, according to people familiar with the matter.
Last year, a ransomware attack moved from a natural gas company’s networks into the control systems at a compression facility, halting operations for two days, according to a Department of Homeland Security alert. The company, which Homeland Security didn’t name, didn’t have a plan to respond to a cyberattack, the agency said.
The Colonial ransomware attack is a high-profile example of the online assaults that U.S. companies, schools, hospitals and other organizations now face regularly. It should also serve as a wake-up call for the energy industry’s particular exposure, according to consultants and others who work with companies to shore up cybersecurity.
U.S. and industry officials have known for years about such problems surrounding the nation’s energy infrastructure. A cybersecurity unit of Homeland Security said in 2016 it had worked to identify and mitigate 186 vulnerabilities throughout the energy sector, the most of any critical-infrastructure industry that year. In 2018, federal officials warned that hackers working for Russia had infiltrated the control rooms of U.S. electric utilities.
Colonial hasn’t said when it expects to restart the pipeline, which ferries 100 million gallons a day of gasoline, diesel and other refined petroleum products from the country’s chief refining corridor along the Gulf Coast to Linden, N.J. It transports roughly 45% of the fuel consumed on the East Coast, according to the company’s website.
The type of attack that occurred against Colonial Pipeline is becoming more frequent and is something that businesses need to be concerned with, Commerce Secretary Gina Raimondo said Sunday.
The attacks are “here to stay and we have to work in partnership with businesses to secure networks, to defend ourselves against these attacks,” she said on CBS’s “Face the Nation.” Specific to the Colonial attack, “it’s an all hands on deck effort right now.” The federal government is working with the company and state and local officials to resume normal operations and limit supply disruptions, Ms. Raimondo said, adding that President Biden is being briefed on the issue.
Analysts said a closure of the pipeline for a few days shouldn’t have dramatic market impacts, because inventories of gasoline have been readied for the summer driving season and usually get replenished every five to six days. But if the pipeline remains offline for five days or longer, shortages could begin to affect retail stations and consumers along the East Coast, they said.
The industry is ill-prepared for such attacks, security experts said. Some operational technologies—for physical systems like pipelines and the electric grid—have protocols that predate those for the internet, said Padraic O’Reilly, co-founder and chief product officer of Boston-based CyberSaint Sec