Ransomware attack shuts down America’s largest gas pipeline
By Mike Jeffers and William Turton on 05/09/2021
(Bloomberg) – The operator of the largest gas pipeline in the United States shut down operations on Friday night following a ransomware attack that threatens to disrupt energy markets and the supply of gas and diesel to the East Coast.
Colonial Pipeline said in a statement on Saturday that it “proactively took certain systems offline to contain the threat, which temporarily halted all pipeline operations and affected some of our IT systems.” It is working to get things back to normal.
Map of Colonial Pipeline networks
Cyber security firm FireEye Inc. said its Mandiant incident response division is participating in the investigation. President Joe Biden, who is spending the weekend at Camp David, was briefed on the incident on Saturday morning, the White House said.
Colonial is a key artery for the eastern half of the U.S. It is the primary source of gasoline, diesel and jet fuel for the East Coast, with a capacity of approximately 2.5 million barrels per day on its network from Houston to North Carolina, and another 900,000 barrels a day to New York.
The attack appears to involve a ransomware group called DarkSide, according to Allan Liska, senior threat analyst at cybersecurity firm Recorded Future.
Hacking threats against critical infrastructure have escalated, prompting the White House to respond last month with a plan to try to increase the security of utilities and their providers. Pipelines are of particular concern because they play a central role in many sectors of the US economy.
The latest attack comes as the country’s energy industry braces for summer travel and higher fuel demand as economic restrictions linked to the pandemic are eased. It’s also a nasty reminder of how a cyber attack destroyed the communications systems of several U.S. pipeline operators in 2018.
The federal government is assessing the implications of the incident, including how to avoid supply disruptions and help the company resume operations as quickly as possible, a White House spokesperson said.
The US Department of Energy has said it is “monitoring any potential impact” on supplies, while the Federal Energy Regulatory Commission has said it is in “communication with other federal agencies, and we are working closely with them to monitor developments” following the cyber attack.
The federal government is also working with state and local authorities on possible further steps.
When Colonial is running, fuel travels between three and five miles per hour. But a long-term shutdown could make the Northwest more dependent on supplies delivered by tanker. And it could take 10 to 14 days to make the trip to New York Harbor, according to a research note from ClearView Energy Partners.
Other options, such as operating a federal emergency stockpile of refined products in the Northeast, are “little more than a band-aid,” ClearView said. This gasoline supply reserve holds just 1 million barrels of gasoline in New York City, Boston and Maine, analysts noted.
Ransomware cases involve hackers who seed networks with malware that encrypts data and leaves machines locked down until victims pay extortion fees, which can range from a few hundred dollars to millions of dollars in cryptocurrency.
Utility information technology networks, which handle e-mail and other routine functions, and operational technology networks, which control the actual operation of the delivery of electricity or natural gas, are typically separated, which makes Colonial’s decision to close them temporarily so unusual.
An April 2 blog post from cybersecurity firm Cybereason said that the people behind DarkSide are following the ransomware trend of “double extortion,” which means that they not only encrypt user data, but also exfiltrate it and make it public if a ransom payment is not made.
Many companies pay the fees and recover their data. But even when this happens, they can shut down much of their networks as a precaution while they restore essential services and check for any signs that hackers have gained access to sensitive systems for other reasons, including spying or other destructive attacks.
The Cybersecurity & Infrastructure Security Agency is “engaged with the company and our interagency partners to address the situation,” said Eric Goldstein, executive deputy director of CISA’s cybersecurity division. “This underscores the threat that ransomware poses to organizations regardless of their size or industry,” he said.
Federal Bureau of Investigation and Justice Department officials did not respond to requests for comment.
Senator Edward Markey, a Democrat from Massachusetts, said the United States has been left vulnerable by “an understaffed and under-prepared transportation safety administration.”
“We cannot ignore the long-standing inadequacies that have permitted and permitted cyber-intrusions into our critical infrastructure,” Markey said in a statement.
GOP Senator Ben Sasse of Nebraska said the latest intrusion showed that an infrastructure spending package soon to be considered by Congress should put “hardening critical infrastructure” to the fore.
Colonial said during Friday’s negotiation that it was having network issues, while two people familiar with the matter said they had difficulty submitting refined product batches, updates or changes to batch deliveries, and nominations using access to the Colonial Pipeline website. The Colonial website was offline every time people tried.
At the time, Colonial staff informed customers over the phone about technical issues, but did not say what was causing them.
The disruption could wreak havoc on fuel markets on Monday if not corrected. The refining margin for a combined barrel of gasoline and diesel, the so-called 321 crack spread, rose 2% on Friday after the Colonial shutdown. Nymex gasoline futures rose 1.32 cents to $2.1269 per gallon.
The two main Colonial lines out of the Houston refining center, Lines 1 and 2 from Pasadena, Texas, to Greensboro, North Carolina, have not been full for months, with U.S. fuel demand dropping to its lowest in decades during the pandemic. This means that the fuel markets served by the line could be spared from supply shortages.
The Colonial system is run from suburban Atlanta and is jointly owned by Koch and several other energy and investor interests. The East Coast fuel markets are also supplied by the Plantation pipeline jointly owned by Kinder Morgan and Exxon; East Coast refineries; and fuel shipments from eastern Canada and Europe.