How a Key U.S. Pipeline Got Knocked Out by Hackers
(Bloomberg) -- One of the most important energy pipelines in the U.S. has been closed by a cyberattack. Colonial Pipeline -- a critical source of supply for the New York region -- was the victim of the biggest ransomware attack on a U.S. fuel pipeline and halted all operations on its system late Friday. It’s the latest such attack on U.S. critical infrastructure.
1. What is Colonial Pipeline?
Founded in 1962, Colonial connects refineries primarily in the Gulf Coast with customers and markets throughout the southern and eastern U.S. through a pipeline system that spans more than 5,500 miles (8,850 kilometers). Colonial says it transports about 45% of all fuel consumed on the East Coast, providing refined products to more than 50 million Americans.
2. Which types of fuel?
It is a major transporter of gasoline, diesel and jet fuel, with the capacity to send about 2.5 million barrels a day from Houston as far as North Carolina, and another 900,000 barrels a day to New York. The company also supplies fuel to the U.S. military. The majority of the system is underground.
3. What is ransomware?
It’s a form of malicious software, “malware” for short, that essentially makes files and data stored on computers inaccessible, effectively holding a device hostage until a fee is paid to restore it to normal. If victims don’t pay, either they restore files from a backup or lose them forever. In many cases, hackers give victims a deadline -- say 72 hours -- after which the price doubles. If the targets refuse to pay, their computers will be permanently locked -- a serious problem for people who haven’t backed up their data.
4. Who carried out this attack?
The Federal Bureau of Investigation attributed the breach to ransomware created by a group called DarkSide. While the inquiry remains in its early stages, some evidence emerged linking DarkSide to Russia or elsewhere in Eastern Europe. President Joe Biden said Russia has “some responsibility” to address the attack but stopped short of blaming the Kremlin, saying “there’s evidence” the hackers or the software they used are “in Russia.” DarkSide first surfaced in August 2020, according to a blog post from the cybersecurity firm Cybereason, and uses the double extortion method in which it not only encrypts a victim’s data but exfiltrates it and threatens to make it public unless the ransom is paid.
5. Has this happened before?
Colonial is just the latest example. According to data compiled by Temple University, there were 396 ransomware attacks on critical infrastructure in 2020, up from 205 in 2019 and 70 in 2018. Hackers are increasingly attempting to infiltrate essential services such as electric grids and hospitals. The escalating threats prompted the White House to respond in April with a plan to increase security at utilities and their suppliers. Pipelines are a specific concern because of the central role they play in the U.S. economy.
6. Who might be affected first by the shutdown?
A key concern is meeting product demand in the U.S. southeast, which is especially dependent on the Colonial system, people familiar with the situation said. Drivers in landlocked and car-dependent Atlanta may be the first to feel the pinch at the pump. The Northeast can secure gasoline shipments from Europe, but they will come at an increasing cost the longer the pipeline stays shut.
7. Is there an alternative route for the fuels?
One potential way is the Kinder Morgan-operated Plantation Pipeline, even though it only extends as far north as Washington, D.C., and has a capacity of 720,000 barrels a day, far short of Colonial’s. And while all of the major segments of Colonial’s system remain offline, some smaller so-called laterals connecting specific fuel terminals to delivery points are in service. Meantime, President Biden has at his disposal an array of emergency powers that could help alleviate the pressure.
©2021 Bloomberg L.P.