Cyber-Attack Shuts Down Biggest Gasoline Pipeline in US–Colonial Pipeline
NEW YORK—Top U.S. fuel pipeline operator Colonial Pipeline has shut its entire network, the source of nearly half of the U.S. East Coast’s fuel supply, after a cyber attack that the company said was caused by ransomware.
The shutdown has raised fears of a price spike at the gas pumps ahead of peak demand summer driving season if it persists, and has drawn attention to how critical U.S. energy infrastructure is vulnerable to hackers.
Colonial transports 2.5 million barrels per day of gasoline, diesel, jet fuel, and other refined products through 5,500 miles (8,850 km) of pipelines linking refiners on the Gulf Coast to the eastern and southern United States.
The company said it shut down systems to contain the threat after learning of the attack on Friday. That action also temporarily halted operations and affected some of its IT systems, the company said.
While the U.S. government investigation is in its early stages, one former official and two industry sources said the hackers are likely a highly professional cybercriminal group. Investigators are looking into whether a group dubbed “DarkSide” by the cybersecurity research community is responsible, the former government official said.
DarkSide is known for deploying ransomware and extorting victims, while selectively avoiding targets in post-Soviet states.
The malicious software used in the attack was ransomware, Colonial said on Saturday. Ransomware is a type of malware that is designed to lock down systems by encrypting data and demanding payment to regain access. The malware has grown in popularity over the last five years.
Colonial has engaged a third-party cybersecurity firm to launch an investigation and contacted law enforcement and other federal agencies, it said.
Cybersecurity company FireEye has been brought in to respond to the attack, the cybersecurity industry sources said. FireEye declined to comment.
The U.S. Transportation Security Administration told Reuters it is working with other agencies on the situation.
Colonial did not give further details or say for how long its pipelines would be shut. The privately held, Georgia-based company is owned by CDPQ Colonial Partners L.P., IFM (US) Colonial Pipeline 2 LLC, KKR-Keats Pipeline Investors L.P., Koch Capital Investments Company LLC, and Shell Midstream Operating LLC.
“Cybersecurity vulnerabilities have become a systemic issue,” said Algirde Pipikaite, cyber strategy lead at the World Economic Forum’s Centre for Cybersecurity.
“Unless cybersecurity measures are embedded in a technology’s development phase, we are likely to see more frequent attacks on industrial systems like oil and gas pipelines or water treatment plants,” Pipikaite added.
After the shutdown was first reported on Friday, gasoline futures on the New York Mercantile Exchange gained 0.6 percent to settle at $2.1269 a gallon, while diesel futures rose 1.1 percent to settle at $2.0106 a gallon—both outpacing gains in crude oil. Gulf Coast cash prices for gasoline and diesel, meanwhile, edged lower on prospects that supplies could accumulate in the region.
“As every day goes by, it becomes a greater and greater impact on Gulf Coast oil refining,” said Andrew Lipow, president of consultancy Lipow Oil Associates. “Refiners would have to react by reducing crude processing because they’ve lost part of the distribution system.”
If the system is shut for four or five days, the market could see sporadic outages at fuel terminals that depend on the pipeline for deliveries, he said.
Gulf Coast prices could weaken further, while prices in New York Harbor could rise, one market participant said—gains that could portend increases at the Northeast pumps.
“This is a big deal, and if manual overrides or backups aren’t available, the mitigation of this incident may take more time than we’d like,” said Chris Bronk, an associate professor of computer information systems at the University of Houston and a former senior advisor to the U.S. State Department.
The American Petroleum Institute, a top oil industry trade group, said it was monitoring the situation.
Oil company Exxon Mobil Corp said its Gulf Coast plants were operating normally, and a Royal Dutch Shell PLC spokesman declined to comment.
Ben Sasse, a Republican senator from Nebraska and a member of the Senate Select Committee on Intelligence, said the cyberattack was a warning of things to come.
“This is a play that will be run again, and we’re not adequately prepared,” he said, adding lawmakers should pass an infrastructure plan that hardens sectors against these attacks.
Colonial had previously shut down its gasoline and distillate lines during Hurricane Harvey, which hit the Gulf Coast in 2017. That contributed to tight supplies and gasoline price rises in the United States after the hurricane forced many Gulf refineries to shut down.
East Coast gasoline cash prices rose to the highest since 2012 during Hurricane Harvey and have not gone higher since, while diesel prices rose to a more than two-year high, Refinitiv Eikon data showed.
By Stephanie Kelly and Christopher Bing