On Sunday, the U.S. Department of Transportation issued an emergency declaration for 17 states and the District of Columbia in the wake of Friday's cyberattack on the Colonial Pipeline. The declaration permitted fuel to be transported by road to Alabama, Arkansas, the District of Columbia, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas, and Virginia.
One expert told Politico the ransomware attack was “the most significant and successful attack on energy infrastructure we know of in the United States.” Politico reported, “The attack on the Colonial Pipeline, which runs 5,500 miles and provides nearly half the gasoline, diesel and jet fuel used on the East Coast, most immediately affected some of the company’s business-side computer systems — not the systems that directly run the pipelines themselves. The Georgia-based company said it shut down the pipelines as a precaution and has engaged a third-party cybersecurity firm to investigate the incident.”
If the resulting outage is not corrected within days, the eastern half of the United States, which reportedly receives 45% of its fuel from the pipeline, could see a surge in gas, oil, and diesel prices.
On Sunday, Colonial issued a statement saying, “The Colonial Pipeline operations team is developing a system restart plan. While our mainlines (Lines 1, 2, 3 and 4) remain offline, some smaller lateral lines between terminals and delivery points are now operational. We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations.… At this time, our primary focus continues to be the safe and efficient restoration of service to our pipeline system, while minimizing disruption to our customers and all those who rely on Colonial Pipeline.”
The Department of Transportation declaration stated:
This Emergency Declaration provides for regulatory relief for commercial motor vehicle operations while providing direct assistance supporting emergency relief efforts transporting gasoline, diesel, jet fuel, and other refined petroleum products into the Affected States during the emergency from shortages due to the shutdown, partial shutdown, and/or manual operation of the Colonial pipeline system.
According to government sources, one of the suspected entities that may have targeted the pipeline is DarkSide, a Russian hacking outfit. DarkSide has attacked CompuCom, a subsidiary of Office Depot, and also attacked the rental car company Enterprise.
“The hackers who caused Colonial Pipeline to shut down the biggest U.S. gasoline pipeline on Friday began their blitz against the company a day earlier, stealing a large amount of data before locking computers with ransomware and demanding payment, according to people familiar with the matter,” Bloomberg News reported, adding, “The intruders, who are part of a cybercrime gang called DarkSide, took nearly 100 gigabytes of data out of the Alpharetta, Georgia-based company’s network in just two hours on Thursday, two people involved in Colonial’s investigation said.”