May 09, 2021

Cyber attack update: Major U.S. fuel pipeline halts operations

Posted May 09, 2021 9:00 AM
Pipeline tank farm in Dorsey, Maryland-photo courtesy Colonial Pipeline
Pipeline tank farm in Dorsey, Maryland-photo courtesy Colonial Pipeline

WASHINGTON (AP) — The federal government is working with the Georgia-based company that shut down a major pipeline transporting fuel across the East Coast after a ransomware attack, the White House says.

The government is planning for various scenarios and working with state and local authorities on measures to mitigate any potential supply issues, officials said Saturday. The attack is unlikely to affect gasoline supply and prices unless it leads to a prolonged shutdown, experts said.

Colonial Pipeline did not say what was demanded or who made the demand. Ransomware attacks are typically carried out by criminal hackers who scramble data, paralyzing victim networks, and demand a large payment to decrypt it.

The attack on the company, which says it delivers roughly 45% of fuel consumed on the East Coast, underscores again the vulnerabilities of critical infrastructure to damaging cyberattacks that threaten to impede operations. It presents a new challenge for an administration still dealing with its response to major hacks from months ago, including a massive breach of government agencies and corporations for which the U.S. sanctioned Russia last month.

In this case, Colonial Pipeline said the ransomware attack Friday affected some of its information technology systems and that the company moved “proactively” to take certain systems offline, halting pipeline operations. In an earlier statement, it said it was “taking steps to understand and resolve this issue” with an eye toward returning to normal operations.

The Alpharetta, Georgia-based company transports gasoline, diesel, jet fuel and home heating oil from refineries located on the Gulf Coast through pipelines running from Texas to New Jersey. Its pipeline system spans more than 5,500 miles, transporting more than 100 million gallon a day.

The private cybersecurity firm FireEye said it's been hired to manage the incident response investigation.

Oil analyst Andy Lipow said the impact of the attack on fuel supplies and prices depends on how long the pipeline is down. An outage of one day or two would be minimal, he said, but an outage of five or six days could cause shortages and price hikes, particularly in an area stretching from central Alabama to the Washington, D.C., region.

Lipow said a key concern about a lengthy delay would be the supply of jet fuel needed to keep major airports operating, like those in Atlanta and Charlotte, North Carolina.

A leading expert in industrial control systems, Dragos CEO Robert Lee, said systems such as those that directly manage the pipeline’s operation have been increasingly connected to computer networks in the past decade.

But critical infrastructure companies in the energy and electricity industries also tend to have invested more in cybersecurity than other sectors. If Colonial’s shutdown was mostly precautionary — and it detected the ransomware attack early and was well-prepared — the impact may not be great, Lee said.

While there have long been fears about U.S. adversaries disrupting American energy suppliers, ransomware attacks by criminal syndicates are much more common and have been soaring lately. The Justice Department has a new task force dedicated to countering ransomware attacks.

The attack “underscores the threat that ransomware poses to organizations regardless of size or sector,” said Eric Goldstein, executive assistant director of the cybersecurity division at the federal Cybersecurity Infrastructure and Security Agency.

“We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats,” Goldstein said in a statement.

Ransomware scrambles a victim organization’s data with encryption. The criminals leave instructions on infected computers for how to negotiate ransom payments and, once paid, provide software decryption keys.

The attacks, mostly by criminal syndicates operating out of Russia and other safe havens, reached epidemic proportions last year, costing hospitals, medical researchers private businesses, state and local governments and schools tens of billions of dollars. Biden administration officials are warning of a national security threat, especially after criminals began stealing data before scrambling victim networks and saying they will expose it online unless a ransom is paid.

Average ransoms paid in the United States jumped nearly threefold to more than $310,000 last year. The average downtime for victims of ransomware attacks is 21 days, according to the firm Coveware, which helps victims respond.

U.S. law enforcement officials say some of these criminals have worked with Russia’s security services and that the Kremlin benefits by damaging adversaries’ economies. These operations also potentially provide cover for intelligence-gathering.

“Ransomware is the most common disruptive event that organizations are seeing right now that would cause them to shut down to prevent the spread,” said Dave White, president of cybersecurity firm Axio.

Mike Chapple, teaching professor of IT, analytics and operations at the University of Notre Dame’s Mendoza College of Business and a former computer scientist with the National Security Agency, said systems that control pipelines should not be connected to the internet and vulnerable to cyber intrusions.

“The attacks were extremely sophisticated and they were able to defeat some pretty sophisticated security controls, or the right degree of security controls weren’t in place,” Chapple said.

Brian Bethune, a professor of applied economics at Boston College, also said the impact on consumer prices should be short-lived as long as the shutdown does not last for more than a week or two. “But it is an indication of how vulnerable our infrastructure is to these kinds of cyberattacks,” he said.

Bethune noted the shutdown is occurring at a time when energy prices have already been rising as the economy reopens further as pandemic restrictions are lifted. According to the AAA auto club, the national average for a gallon of regular gasoline has increased by 4 cents since Monday to $2.94.

Anne Neuberger, the Biden administration’s deputy national security adviser for cybersecurity and emerging technology, said in an interview with The Associated Press in April that the government was undertaking a new effort to help electric utilities, water districts and other critical industries protect against potentially damaging cyberattacks. She said the goal was to ensure that control systems serving 50,000 or more Americans have the core technology to detect and block malicious cyber activity.

Since then, the White House has announced a 100-day initiative aimed at protecting the country’s electricity system from cyberattacks by encouraging owners and operators of power plants and electric utilities to improve their capabilities for identifying cyber threats to their networks. It includes concrete milestones for them to put technologies into use so they can spot and respond to intrusions in real time.

--------

WASHINGTON (AP) — The operator of a major pipeline system that transports fuel across the East Coast said Saturday that it had been victimized by a ransomware attack and that it had halted all pipeline operations to deal with the threat. The attack is unlikely to affect gasoline supply and prices unless it leads to a prolonged shutdown of the pipeline, experts said.

Colonial Pipeline did not say what was demanded or by whom, but ransomware attacks are typically carried out by criminal hackers who seize data and demand a large payment in order to release it.

The attack on a pipeline operator, which says it delivers roughly 45% of all fuel consumed on the East Coast, underscored again the vulnerabilities of critical infrastructure to cyberattacks both by criminal hackers and U.S. adversaries. It presents a new challenge for an administration still grappling with its response to major hacks from months ago, including a massive breach of government agencies and corporations for which the U.S. sanctioned Russia last month.

In this case, Colonial Pipeline said the ransomware attack Friday affected some of its information technology systems and that the company moved “proactively” to take certain systems online, halting pipeline operations.

The Alpharetta, Georgia-based company transports gasoline, diesel, jet fuel and home heating oil from refineries primarily located on the Gulf Coast through pipelines running from Texas to New Jersey.

The company said it hired a cybersecurity firm to investigate the nature and scope of the attack and has also contacted law enforcement and federal agencies.

In a statement late Friday, Colonial Pipeline said it was “taking steps to understand and resolve this issue,” focused primarily on ”the safe and efficient restoration of our service and our efforts to return to normal operation.” It said it was “working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline.”

While there have long been fears about U.S. adversaries disrupting American energy suppliers, ransomware attacks by criminal syndicates are much more common and have been soaring lately.

Oil analyst Andy Lipow said the impact of the attack on fuel supplies and prices depends on how long the pipeline is down. An outage of one or two days would be minimal, he said, but an outage of five or six days could cause shortages and price hikes, particularly in an area stretching from central Alabama to the Washington, D.C., area.

Lipow said a key concern about a lengthy delay would be the supply of jet fuel needed to keep major airports operating, like those in Atlanta and Charlotte, North Carolina.

A leading expert in industrial control systems, Dragos CEO Robert Lee, said systems such as those that directly manage the pipeline’s operation have been increasingly connected to computer networks in the past decade.

But critical infrastructure companies in the energy and electricity industries also tend to have invested more in cybersecurity than other sectors. If Colonial’s shutdown was mostly precautionary — and it detected the ransomware attack early and was well-prepared — the impact may not be great, Lee said.

Ransomware scrambles a victim organization’s data with encryption. The criminals leave instructions on infected computers for how to negotiate ransom payments and, once paid, provide software decryption keys.

Mike Chapple, teaching professor of IT, analytics and operations at the University of Notre Dame’s Mendoza College of Business and a former computer scientist with the National Security Agency, said systems that control pipelines should not be connected to the internet and vulnerable to cyber intrusions.

“The attacks were extremely sophisticated and they were able to defeat some pretty sophisticated security controls, or the right degree of security controls weren’t in place,” Chapple said.

Brian Bethune, a professor of applied economics at Boston College, also said the impact on consumer prices should be short-lived as long as the shutdown does not last for more than a week or two. “But it is an indication of how vulnerable our infrastructure is to these kinds of cyberattacks,” he said.

Bethune noted the shutdown is occurring at a time when energy prices have already been rising as the economy reopens further as pandemic restrictions are lifted. According to the AAA auto club, the national average for a gallon of regular gasoline has increased by four cents since Monday to $2.94.

Colonial Pipeline said it transports more than 100 million gallons of fuel daily, through a pipeline system spanning more than 5,500 miles.

The FBI and the White House’s National Security Council did not immediately return messages seeking comment. The federal Cybersecurity Infrastructure and Security Agency referred questions about the incident to the company.

A hacker’s botched attempt to poison the water supply of a small Florida city raised alarms about how vulnerable the nation’s critical infrastructure may be to attacks by more sophisticated intruders.

Anne Neuberger, the Biden administration’s deputy national security adviser for cybersecurity and emerging technology, said in an interview with The Associated Press in April that the government was undertaking a new effort to help electric utilities, water districts and other critical industries protect against potentially damaging cyberattacks. She said the goal was to ensure that control systems serving 50,000 or more Americans have the core technology to detect and block malicious cyber activity.

Since then, the White House has announced a 100-day initiative aimed at protecting the country’s electricity system from cyberattacks by encouraging owners and operators of power plants and electric utilities to improve their capabilities for identifying cyber threats to their networks. It includes concrete milestones for them to put technologies into use so they can spot and respond to intrusions in real time. The Justice Department has also announced a new task force dedicated to countering ransomware attacks.

---------

WASHINGTON (AP) — A U.S. energy company says a cyberattack forced it to temporarily halt all operations on a major pipeline that delivers roughly 45% of all fuel consumed on the East Coast.

Colonial Pipeline said the attack took place Friday and also affected some of its information technology systems. The company transports gasoline, diesel, jet fuel and home heating oil from refineries primarily located on the Gulf Coast through pipelines running from Texas to New Jersey.

The Alpharetta, Georgia-based company said it hired an outside cybersecurity firm to investigate the nature and scope of the attack and has also contacted law enforcement and federal agencies. While there have long been fears about U.S. adversaries disrupting American energy suppliers, ransomware attacks by criminal syndicates are much more common and have been soaring lately.

In a statement late Friday, Colonial Pipeline said it was “taking steps to understand and resolve this issue,” focused primarily on ”the safe and efficient restoration of our service and our efforts to return to normal operation.” It said it was “working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline.”

Oil analyst Andy Lipow said the impact of the attack on fuel supplies and prices depends on how long the pipeline is down. An outage of one or two days would be minimal, he said, but an outage of five or six days could causes shortages and price hikes, particularly in an area stretching from central Alabama to the Washington, D.C., area.

Lipow said a key concern about a lengthy delay would be the supply of jet fuel needed to keep major airports operating, like those in Atlanta and Charlotte, North Carolina.

The precise nature of the attack was unclear, including who launched it and what the motives were. A Colonial Pipeline spokeswoman declined to say whether the company had received a ransom demand, as is common in attacks from cyber criminal syndicates.

A leading expert in industrial control systems, CEO Robert Lee of Dragos, Inc., said everything points to a ransomware attack.

“How long they’ll be down depends on how far and wide this is,” he said. The pipeline could be back up and running relatively quickly if only IT systems are affected and Colonial was well-prepared. But if the network that directly controls pipeline functions is impacted it could take days, he said.

“It would not be unreasonable for a longer term, a week or so, of outages if it’s impactful on the operations side. We just don’t know that yet,” Lee said.

Ransomware scrambles a victim organization’s data with encryption. The criminals leave instructions on infected computers for how to negotiate ransom payments and, once paid, provide software decryption keys.

Mike Chapple, teaching professor of IT, analytics and operations at the University of Notre Dame’s Mendoza College of Business and a former computer scientist with the National Security Agency, said systems that control pipelines should not be connected to the internet and vulnerable to cyber intrusions.

“The attacks were extremely sophisticated and they were able to defeat some pretty sophisticated security controls, or the right degree of security controls weren’t in place,” Chapple said.

Brian Bethune, a professor of applied economics at Boston College, also said the impact on consumer prices should be short-lived as long as the shutdown does not last for more than a week or two. “But it is an indication of how vulnerable our infrastructure is to these kinds of cyberattacks,” he said.

Bethune noted the shutdown is occurring at a time when energy prices have already been rising as the economy re-opens further as pandemic restrictions are lifted. According to the AAA auto club, the national average for a gallon of regular gasoline has increased by four cents since Monday to $2.94.

Colonial Pipeline said it transports more than 100 million gallons of fuel daily, through a pipeline system spanning more than 5,500 miles.

The FBI and the White House’s National Security Council did not immediately return messages seeking comment. The federal Cybersecurity Infrastructure and Security Agency referred questions about the incident to the company.

A hacker’s botched attempt to poison the water supply of a small Florida city raised alarms about how vulnerable the nation’s critical infrastructure may be to attacks by more sophisticated intruders.

Anne Neuberger, the Biden administration’s deputy national security adviser for cybersecurity and emerging technology, said in an interview with The Associated Press in April that the government was undertaking a new effort to help electric utilities, water districts and other critical industries protect against potentially damaging cyberattacks. She said the goal was to ensure that control systems serving 50,000 or more Americans have the core technology to detect and block malicious cyber activity.

Since then, the White House has announced a 100-day initiative aimed at protecting the country’s electricity system from cyberattacks by encouraging owners and operators of power plants and electric utilities to improve their capabilities for identifying cyber threats to their networks. It includes concrete milestones for them to put technologies into use so they can spot and respond to intrusions in real time. The Justice Department has also announced a new task force dedicated to countering ransomware attacks in which data is seized by hackers who demand payment from victims in order to release it.

___