A ransomware attack caused a major East Coast fuel pipeline operator to shut down its entire network on Friday, according to a U.S. official familiar with the matter.
Federal law enforcement and homeland security officials are investigating the matter. They do not yet know whether the attack on top U.S. fuel pipeline operator Colonial Pipeline was carried out by foreign government hackers or a criminal group, the official said.
It’s “too early” to tell, said the official, speaking on condition of anonymity because the investigation is ongoing.
Colonial Pipeline said in a statement on Friday that it had temporarily shut down all its pipeline operations after being hit by a cyber attack.
Colonial’s 5,500 miles of pipelines carry fuel from refineries on the Gulf Coast to customers in the southern and eastern United States. It says it transports 45 percent of the fuel consumed on the East Coast, reaching 50 million Americans.
The company learned of the attack on some of its “information technology” or corporate network systems Friday, and “proactively took certain systems offline to contain the threat,” it said. In addition to contacting federal officials and law enforcement, it has also hired a cybersecurity firm to investigate the incident.
The U.S. official and experts in industrial control security said such attacks are more common than publicly known and that most just do not get reported.
“There are absolutely cases in industrial operations where ransomware impacts operations,” said Robert M. Lee, CEO and cofounder of Dragos, a major cybersecurity firm that handles incidents in the industrial control sector. “Oftentimes, though, that impact isn’t the impact that gets news media attention. They may not be to the level that this case is, but there are lots of industrial control companies that are battling ransomware around the United States.”
The trend “exploded” in the last three years after the WannaCry and NotPetya computer worms showed cyber criminals how targeting operational and industrial control systems is “more likely” to make companies pay out, Lee said. Most of the cases he’s seen in the United States have been conducted by criminals—not foreign governments, he said.
“The last few years have been incredibly busy” because the proliferation of vulnerabilities in firewalls and virtual private networks has allowed ransomware criminals to gain access to networks at an unprecedented scale, he said.
Mike Chapple, a cybersecurity expert at the University of Notre Dame and a former computer scientist at the National Security Agency, said the shutdown of pipeline infrastructure indicated that the attack was either very sophisticated or that Colonial’s systems were not well secured.
“This pipeline shutdown sends the message that core elements of our national infrastructure continue to be vulnerable to cyberattack,” Chapple said.
Prices for refined oil products are slumping on the Gulf Coast because of the shutdown. Analysts say that depending on how long the pipelines are out of service, prices for gasoline and jet fuel could rise in the New York area, as they did in 2017 when a hurricane forced a shutdown. As of now, with demand down and storage capacity around New York fairly full, analysts do not expect an immediate impact.
One of Colonial’s two pipelines ruptured last summer in North Carolina, spilling 1.2 million gallons of gasoline, the largest spill in the state’s history.
Investigators believe the age of the 42-year-old pipeline was a factor. Computerized sensors that had been retrofitted failed to flag the drop in pressure caused by the spill, which was discovered by two teenagers riding ATVs through the woods near Huntersville.