Cyberattack forces closure of largest US refined-fuel pipeline

Oil storage tanks owned by the Colonial Pipeline Company in Linden, N.J. (AP Photo/Mark Lennihan, File)

The Colonial Pipeline, the main conduit carrying gasoline and diesel fuel to the U.S. East Coast, said it had halted all operations after being hit with a cyberattack.

Colonial Pipeline Co. -- which operates the 5,500-mile Colonial Pipeline system taking fuel from the refineries of the Gulf Coast up to the New York metro area -- said it learned Friday that it was the victim of the attack and "took certain systems offline to contain the threat, which has temporarily halted all pipeline operations."

The outage isn't expected to have a significant impact on fuel markets unless the pipeline remains shut down for several days, analysts said.

The cyberattack on Colonial appeared to involve ransomware, a type of code that attempts to seize computer systems and demand payment from the victim to have them unlocked, according to a person familiar with the matter. The investigation was in its early stages, the person said.

The company said it had engaged a third-party cybersecurity firm to help with the issue, which affected some of its IT systems, and had contacted federal agencies and law enforcement.

FireEye Inc., a U.S.-based cybersecurity firm, is investigating the attack, according to people familiar with the matter. A FireEye spokesman declined to comment.

The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency, which works with critical infrastructure companies on cyber defense, didn't immediately respond to requests for comment.

It wasn't clear whether the attack was perpetrated by a nation-state actor or criminal actor. Attributing cyberattacks is difficult and can often take months or longer.

The Colonial Pipeline is the largest refined-products pipeline in the U.S., transporting more than 100 million gallons a day, or roughly 45% of fuel consumed on the East Coast, according to the company's website. It delivers fuels including gasoline, diesel, jet fuel and heating oil and serves U.S. military facilities.

"At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation," the company said in a statement. "This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers."

Colonial spokeswoman Kelsey Tweed said the company didn't have further details to provide "at this time."

Inventories of gasoline have been readied for the summer driving season and usually get replenished every five to six days. But if the pipeline remains offline for days, shortages at terminals that receive fuel in the southeastern U.S. and Atlantic Coast markets could begin to affect retail stations and consumers, said Andy Lipow, president of consulting firm Lipow Oil Associates in Houston.

"It's similar to a hurricane event where the pipeline gets shut down, so if it's for a day or two then the impact will be mitigated," Mr. Lipow said.

Cyberattacks targeting critical infrastructure or key companies, some by suspected foreign actors, have become a growing area of concern for U.S. national security officials.

Russian hackers, for example, have been blamed by Western intelligence agencies for temporarily downing parts of Ukraine's power grid in the winter. Pipelines have long been viewed as an area of concern for these kinds of attacks, in part because halting their operations can have an immediate impact.

President Biden in April announced punitive measures against Russia, blaming suspected Russian agents for a month-long hack of the U.S. government and some of America's biggest corporations.

That attack involved SolarWinds Corp., a network-management software firm whose software was one of the primary entry points for the hackers, but extended beyond its software. It has been described as one of the worst instances of cyber espionage in U.S. history.

Mike Chapple, a cybersecurity expert at the University of Notre Dame and former National Security Agency official, said the Colonial Pipeline attack appeared to show the hackers were "extremely sophisticated" or that the systems were not properly secured.

"These systems shouldn't be connected to the Internet, making it very difficult for an outsider to gain control of them," Mr. Chapple said. "This pipeline shutdown sends the message that core elements of our national infrastructure continue to be vulnerable to cyberattack."