Major US pipeline shut by ransomware attack
WASHINGTON: The largest fuel pipeline system in the United States was forced to shut down its entire network after a ransomware attack, the operating company said in a statement on Saturday (May 8).
The Colonial Pipeline Company ships gasoline and jet fuel from the Gulf Coast of Texas to the populous East Coast through 8,850km of pipeline, serving 50 million consumers.
It said it had been “the victim of a cybersecurity attack” which involved ransomware – attacks that encrypt computer systems and seek to extract payments from operators.
“In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems,” it said.
“A leading, third-party cybersecurity firm was engaged, and they have launched an investigation into the nature and scope of this incident, which is ongoing. We have contacted law enforcement and other federal agencies,” the statement continued.
Colonial, based in the southern state of Georgia, is the largest pipeline operator in the United States by volume, transporting 2.5 million barrels of gasoline, diesel fuel, jet fuel and other refined petroleum products per day.
The attack prompted calls from cybersecurity experts for improved oversight of the industry to better prepare for future threats.
“MORE FREQUENT ATTACKS”
“This attack is unusual for the US. But the bottom line is that attacks targeting operational technology – the industrial control systems on the production line or plant floor – are becoming more frequent,” said Algirde Pipikaite, cyber strategy lead at the World Economic Forum’s Centre for Cybersecurity.
“Unless cybersecurity measures are embedded in a technology’s development phase, we are likely to see more frequent attacks on industrial systems like oil and gas pipelines or water treatment plants.”
Eric Goldstein, an executive assistant director at the US Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security, said CISA was “engaged” with the company over the situation.
“This underscores the threat that ransomware poses to organizations regardless of size or sector. We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats,” he said.
The US was rocked in recent months by news of two major cybersecurity breaches – the massive SolarWinds hack that compromised thousands of US government and private sector computer networks and was officially blamed on Russia; and a potentially devastating penetration of Microsoft email servers.
The latter is believed to have affected at least 30,000 US organizations including local governments and was attributed to an aggressive Chinese cyberespionage campaign.
Both breaches appeared to be aimed at stealing emails and data but they also created “back doors” that could allow attacks on physical infrastructure, according to The New York Times.