A ransomware attack has crippled the largest U.S. pipeline operator, Colonial Pipeline, shutting down 45% of the East Coast’s supply of fuel. As a result, the US Department of Transportation (USDOT) issued an emergency waiver to allow easier transport of fuel by truck in the affected states. Colonial also issued a new statement confirming pipeline systems have been restarted.
The pipeline operator transports 2.5 million barrels a day through its pipelines, or 45% of the East Coast’s supply of diesel, petrol and jet fuel.
Colonial Pipeline took itself offline after discovering the cyberattack on Friday.
“In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems,” the operator said in a press release Saturday.
Moreover, the company said it was working with a third-party cybersecurity firm and had also contacted law enforcement and other federal agencies while the investigation into the incident is underway.
On Sunday, Colonial provided an operational update on the cyberattack and said bringing their systems back online is their highest priority.
“The Colonial Pipeline operations team is developing a system restart plan. While our mainlines (Lines 1, 2, 3 and 4) remain offline, some smaller lateral lines between terminals and delivery points are now operational. We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations,” the firm stated.
As a result of the cyberattack, USDOT’s Federal Motor Carrier Safety Administration (FMCSA) has issued a Regional Emergency Declaration for affected states. Those states and jurisdictions include: Alabama, Arkansas, District of Columbia, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas and Virginia.
The emergency declaration grants temporary exceptions in the law so that transportation companies can work longer hours.
“This Emergency Declaration provides for regulatory relief for commercial motor vehicle operations while providing direct assistance supporting emergency relief efforts transporting gasoline, diesel, jet fuel, and other refined petroleum products into the Affected States during the emergency from shortages due to the shutdown, partial shutdown, and/or manual operation of the Colonial pipeline system,” the FMCSA said in a statement on Sunday.
The incident highlights the high risk ransomware attacks can pose to critical industrial infrastructure and other enterprises.
Readers may recall last year when Ekans ransomware targeted industrial control systems, as well as a Snake ransomware attack against European energy giant Enel Group.
Also last year, the Cybersecurity and Infrastructure Security Agency (CISA) issued a security alert about a ransomware attack launched against another pipeline operator. In that cyberattack, threat actors used spear phishing to gain a foothold in the organization’s IT network, then pivoted to the operational technology (OT) network.
Update May 14, 2021 (original posting May 10, 2021):
Colonial provided an update regarding system restarts on May 13:
“Colonial Pipeline has made substantial progress in safely restarting our pipeline system and can report that product delivery has commenced in a majority of the markets we service. By mid-day today, we project that each market we service will be receiving product from our system.”
Colonial Pipeline
The operator previously confirmed pipeline operations had restarted on May 12 at 5 P.M. Eastern Time.