Major US oil pipeline disrupted by cyber attack

On Saturday, 8 May, Colonial Pipeline Company announced it had been the victim of a cybersecurity attack on 7 May and that the incident involved ransomware. Quickly after learning of the attack, Colonial proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of the company’s IT systems.

Colonial Pipeline is the largest refined products pipeline in the United States, transporting more than 380 million litres of fuel daily from Houston, Texas, to the New York harbour — almost half the fuel consumed on America’s east coast.

The company announced in a press release that “leading, third-party cybersecurity experts were also immediately engaged after discovering the issue and launched an investigation into the nature and scope of this incident.” The company said it has “remained in contact with law enforcement and other federal agencies, including the Department of Energy who is leading the Federal Government response”.

The attack is being described as the worst cyber attack to date on critical US assets. The ABC is reporting that, according to sources close to the investigation, “the attack was carried out by a gang of cyber criminals known as DarkSide, who cultivate a Robin Hood image of stealing from corporations and giving a cut to charity”.

As of today, the company is still working to restore the service. As a result, the US Government issued emergency legislation to enable the fuel to be transported by road.

A temporary waiver issued by the Department of Transportation also enables oil products to be shipped in tankers up to New York, but this would not be anywhere near enough to match the pipeline’s capacity, according to oil market analysts.

Image: Colonial Pipeline Company.