A ransomware cyberattack on the Colonial Pipeline Company, the biggest refined products pipeline in the US, has forced the fuel company to close, affecting fuel supplies to major transport hubs in the US.
The US government has evoked emergency powers and lifted various limits on the transport of fuels by road to ease the fallout from the continuing closure of the Colonial pipeline, which carries almost half the fuel consumed on the US east coast.
“This Declaration addresses the emergency conditions creating a need for immediate transportation of gasoline, diesel, jet fuel and other refined petroleum products and provides necessary relief,” the US transportation department said on Sunday.
Colonial transports 2.5m barrels of fuel a day from refineries on the Gulf Coast to Atlanta, Washington and New York. The company was forced to shut down after hackers seized their computer systems and data by installing illicit software, disrupting operations. Large pipelines rely on computerized automation systems to monitor the flows and pressure of petroleum products.
The cyber attackers are demanding money in exchange for releasing their hold over the systems.
Colonial said that its main lines remained offline but that some smaller lines had been restored. “We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations,” the company said.
The shutdown has driven petrol prices up by as much as 4 percent. Gasoline demand in areas served by the pipeline rose about 4 percent on Saturday compared with the previous week, according to GasBuddy, indicating panic buying as consumers fretted over the potential for a prolonged outage.
If the services are not restored fast then the prices will shoot up further, said Patrick De Haan, head of petroleum analysis at data provider GasBuddy. “We’re realizing the gravity of it is maybe worse than what we’d expected,” said De Haan. “There’s still a little breathing room, we’re starting to run low on it. But Monday, Tuesday if there’s no news, you know we’re dealing with something fairly significant.” Gasoline demand in areas served by the pipeline rose about 4 percent on Saturday, according to GasBuddy, indicating panic buying.
The shutdown may force the US to increase petroleum imports, despite soaring domestic and gas production. “The base case is that it’s resolved quickly, but if not US gasoline and diesel prices will have to rise very significantly to draw in sufficient imports from Europe,” said Robert Campbell, head of oil products research at consultancy Energy Aspects.
The company carries refined products, covering more than 5,500 miles from Pasadena, Texas to Linden, New Jersey and New York Harbor. Refiners on Gulf Coast that send fuel eastwards will be forced to shut down too.
“This is definitely not a schoolboy prank. This is a highly sophisticated attack on a piece of critical infrastructure,” said Campbell.
There are growing concerns in the US over such ransomware attacks in critical US infrastructures. In addition, there has been an increase in such attacks from far away jurisdictions with no possibility of prosecution. The average ransom demands are more than $100,000, according to the US Department of Justice. Moreover, criminals demand cryptocurrencies such as bitcoin for ransom payout, which are difficult to trace.
A White House spokesperson said US president Joe Biden had been briefed on the issue and the federal government was “working actively to assess the implications of this incident, avoid disruption to supply, and help the company restore pipeline operations as quickly as possible”.