Ransomware Attack Shuts Down A Top U.S. Gasoline Pipeline
A ransomware attack has shut down one of the largest refined products pipelines in the United States, and a security analyst said it shows that "core elements of our national infrastructure" remain vulnerable to cyberattack.
The cyberattack hit Colonial Pipeline, which carries gasoline, diesel and jet fuel from Texas to New York and moves about 45% of all fuel consumed on the East Coast.
In a statement late Friday, Colonial Pipeline said it was "the victim of a cybersecurity attack" though the company didn't say who launched the attack or what the motives were. On Saturday, the company issued an update saying it had "determined that this incident involves ransomware."
It's the latest high-profile ransomware incident and follows a recent attack that targeted the Washington, D.C., police department.
Colonial Pipeline said that, in response to the attack targeting its facilities, "we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems."
The company said it contacted federal agencies and law enforcement and enlisted a third-party cybersecurity firm to help with an investigation "into the nature and scope of this incident."
The Georgia-based company transports more than 100 million gallons, or 2.5 million barrels, of fuel daily through its pipeline system, including gasoline, diesel fuel, home heating oil, jet fuel and fuels for the U.S. military, according to the company's website.
The pipeline shutdown comes amid growing concerns over vulnerabilities in the country's infrastructure after several recent cyberattacks. Among them was last year's attack at the software company SolarWinds, which hit several U.S. government agencies, including the Pentagon, the Treasury Department, the State Department and the Department of Homeland Security, as reported by NPR.
The Biden administration is expected to respond to the SolarWinds attack with an executive order aimed at helping the country better protect itself against cyberattacks.
"The fact that this attack compromised systems that control pipeline infrastructure indicates that either the attack was extremely sophisticated or the systems were not well secured," said Mike Chapple, a computer science professor at Notre Dame.
"This pipeline shutdown sends the message that core elements of our national infrastructure continue to be vulnerable to cyberattack," he said.
Chapple notes that securing infrastructure involves different federal agencies and requires centralized leadership. "Last year, Congress authorized the creation of a national cybersecurity director within the White House, but this position remains unfilled by the Biden administration," he said.
Colonial Pipeline said it is "taking steps to understand and resolve this issue. At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline."