WASHINGTON – (AP) – The operator of a large pipeline system that carries fuel across the East Coast announced Saturday that it had fallen victim to a ransomware attack and had suspended all pipeline operations to deal with the threat.
Colonial Pipeline didn’t say what was demanded or by whom, but ransomware attacks are usually carried out by criminal hackers who seize data and demand a hefty payment to release it.
The attack on a pipeline operator, which claims to supply around 45% of all fuel consumed on the East Coast, once again underscored the vulnerability of critical infrastructure to cyberattacks by both criminal hackers and U.S. adversaries. It presents a new challenge for a government still grappling with its response to major hacks from months ago, including a massive breach of government agencies and corporations for which the U.S. sanctioned Russia last month.
In this case, Colonial Pipeline said that Friday’s ransomware attack affected some of its information technology systems and that the company was “proactive” in bringing certain systems online and shutting down the pipeline.
Based in Alpharetta, Georgia, the company transports gasoline, diesel, jet fuel and heating oil from refineries located primarily on the Gulf Coast via pipelines from Texas to New Jersey.
The company said it hired a cybersecurity firm to investigate the nature and scope of the attack and has also reached out to law enforcement and federal agencies.
In a statement late Friday, Colonial Pipeline said it is “taking steps to understand and resolve this issue” and is focusing primarily on “the safe and efficient restoration of our service and our efforts to return to normal operations.” It said it was “working diligently to address this issue and minimize disruption for our customers and those who depend on Colonial Pipeline.”
While there have long been fears that US adversaries could disrupt American utilities, ransomware attacks by criminal syndicates are far more common and have increased dramatically in recent times.
Oil analyst Andy Lipow said the impact of the attack on fuel supplies and prices will depend on how long the pipeline is down. A day or two of downtime would be minimal, he said, but a five or six day downtime could create bottlenecks and price increases, particularly in an area from central Alabama to Washington, DC.
Lipow said a major concern about an extended delay is the supply of jet fuel necessary to operate large airports like those in Atlanta and Charlotte, North Carolina.
Robert Lee, CEO of Dragos, a leading expert on industrial control systems, said systems like those that directly control the operation of the pipeline have increasingly been connected to computer networks over the past decade.
However, critical infrastructure companies in the energy and electricity industries have also tended to invest more in cybersecurity than other sectors. If the Colonial shutdown was largely precautionary – and the company detected the ransomware attack early and was well prepared – the impact may not be great.
Ransomware uses encryption to scramble the data of a victim organization. The criminals leave instructions for negotiating a ransom payment on infected computers and provide software decryption keys after payment.
Mike Chapple, professor of IT, analytics and operations teaching at Mendoza College of Business at Notre Dame University and a former computer scientist with the National Security Agency, said systems that control pipelines should not be connected to the internet and be vulnerable to cyber intrusion.
“The attacks were extremely sophisticated and could break down some pretty sophisticated security checkpoints or the right level of security checkpoints did not exist,” said Chapple.
Brian Bethune, a professor of applied economics at Boston College, also said the impact on consumer prices should be short-lived as long as the shutdown doesn’t last more than a week or two. “But it’s an indication of how vulnerable our infrastructure is to these types of cyberattacks,” he said.
Bethune noted that the shutdown comes at a time when energy prices have already risen as the economy reopens and pandemic restrictions are lifted. According to the AAA Auto Club, the national average for a gallon of regular gasoline has increased four cents since Monday to $2.94.
Colonial Pipeline said it carries more than 100 million gallons of fuel daily through a pipeline system that extends for more than 5,500 miles.
The FBI and the White House National Security Council did not immediately return requests for comment. The federal Cybersecurity and Infrastructure Security Agency referred questions about the incident to the company.
A failed attempt by a hacker to poison the water supply of a small Florida town raised alarms about how vulnerable the country’s critical infrastructure could be to attacks by more sophisticated intruders.
Anne Neuberger, the Biden administration’s assistant national security advisor on cybersecurity and emerging technologies, said in an interview with The Associated Press in April that the government is making renewed efforts to help electric utilities, water districts and other critical industries protect themselves from potentially harmful cyberattacks. She said the goal is to ensure that control systems serving 50,000 or more Americans have the core technology to detect and block malicious cyber activity.
Since then, the White House has announced a 100-day initiative aimed at protecting the country’s electricity system from cyberattacks by encouraging power plant and utility owners and operators to improve their capabilities for identifying cyber threats to their grids. It contains concrete milestones for putting technologies into use so that they can detect intrusions in real time and respond to them. The Justice Department has also announced a new task force dedicated to combating ransomware attacks.
___
Suderman reported from Richmond, Virginia. Frank Bajak in Boston and Martin Crutsinger and Michael Balsamo in Washington contributed to this report.