A cyberattack has temporarily halted operations at Colonial Pipeline, the largest pipeline system for moving gas and diesel products in the U.S., the company said Friday.
Colonial Pipeline, which delivers more than 100 million gallons of fuel daily to customers from Texas to New York, said that after learning of the incident on Friday, it “proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations and affected some of our IT systems.”
It was unclear at press time Saturday morning who was responsible for the digital intrusion or how long the company’s pipeline operations would be halted. A Colonial Pipeline spokesperson declined to comment beyond the company’s statement.
The Department of Homeland Security’s cybersecurity agency said in a statement Saturday afternoon that ransomware was the cause of the incident.
“This underscores the threat that ransomware poses to organizations regardless of size or sector,” DHS’s Cybersecurity and Infrastructure Security Agency (CISA) said, adding that it was working with Colonial Pipeline to address the issue.
Colonial Pipeline said it had contacted law enforcement, and that efforts to restore normal operations were “already underway.”
“[W]e are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline,” the statement continued.
A White House spokesperson said that President Joe Biden was briefed on the incident Saturday morning.
“The federal government is working actively to assess the implications of this incident, avoid disruption to supply, and help the company restore pipeline operations as quickly as possible,” the White House spokesperson said.
As the operators of the nation’s 2.7 million miles of pipelines for oil, natural gas, and other hazardous liquids embrace digital technology to run their businesses more efficiently, concerns about their susceptibility to hackers have grown. The Department of Homeland Security in February 2020 revealed that a ransomware attack on an unnamed natural gas compression facility caused the organization to shut down its operations for two days.
A breach of the IT services that pipeline operators use to process transactions can also be a risk to business. In April 2018, a hack of a billing software vendor used by Texas-based Energy Transfer Partners LP, which owns more than 71,000 miles of pipelines, forced the company to process transactions on its own until the issue was resolved.
Cybercriminals looking for payouts have in recent years gone after companies in the oil and gas sector, just as they have nearly every other sector.
Apart from the apparently cybercriminal incidents involving ransomware at companies like Colonial Pipeline, energy companies have had to consider other threats when building network defenses. Broadly speaking, U.S. national security officials have warned for years that state-sponsored hackers from Russia and elsewhere had demonstrated an interest in mapping vulnerabilities in U.S. critical infrastructure such as electric systems and pipelines.
In general, “China has the ability to launch cyberattacks that cause localized, temporary disruptive effects on critical infrastructure—such as disruption of a natural gas pipeline for days to weeks,” U.S. intelligence agencies said in a 2019 assessment of global security threats.
U.S. lawmakers in late 2018 called on DHS to step up its cybersecurity guidelines and services to support pipeline operators out of concern the U.S. government was not doing enough.
DHS and Department of Energy officials that year announced an initiative to coordinate with oil and gas executives more closely on pipeline cybersecurity. In February, CISA published cybersecurity assessment tools meant to strengthen the defenses of pipeline operators.
UPDATE, 06:37 p.m. EDT: This story has been updated with a statement from the White House.
UPDATE, 07:56 p.m. EDT: This story has been updated with a statement from the Department of Homeland Security.