Energy

Ransomware attack forces shutdown of largest fuel pipeline in the U.S.

Key Points
  • Colonial Pipeline fell victim to a cybersecurity attack on Friday that involved ransomware, forcing it to temporarily shut down all pipeline operations.
  • Colonial transports nearly half of the East Coast's fuel supply through a system that spans over 5,500 miles between Texas and New Jersey.
  • The pipeline transports gasoline, diesel, home heating oil and jet fuel. It also supplies the military.
  • John Kilduff, a partner at Again Capital in New York, said the U.S. will see spot shortages of gasoline, diesel and jet fuel develop rapidly if the outage persists.
  • President Joe Biden was briefed on the incident Saturday morning, according to the White House.
Signage is displayed on a fence at the Colonial Pipeline Co. Pelham junction and tank farm in Pelham, Alabama, U.S., on Monday, Sept. 19, 2016.
Luke Sharrett | Bloomberg | Getty Images

The operator of the country's largest fuel pipeline, Colonial Pipeline, fell victim to a cybersecurity attack on Friday that involved ransomware, forcing it to temporarily shut down all pipeline operations and raising concern that the outage could lead to spot shortages of gas, diesel and jet fuel.

The company confirmed it was the victim of a ransomware attack Saturday.

Colonial Pipeline has hired a third-party cybersecurity firm to launch a probe into the incident and has contacted law enforcement and other federal agencies. The cyberattack has affected some of its IT systems too.

The F.B.I. was notified of the disruption on Friday and is working closely with the company and government partners, a spokesperson said Saturday.

Colonial Pipeline, which transports nearly half of the East Coast's fuel supply, said it is "taking steps to understand and resolve this issue."

"At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation," the company said in a statement.

"This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline," the company said.

President Joe Biden was briefed on the incident Saturday morning and the federal government is working to avoid supply disruptions, according to a White House spokesperson.

"The federal government is working actively to assess the implications of this incident, avoid disruption to supply, and help the company restore pipeline operations as quickly as possible," the spokesperson said.

Colonial operates the largest refined products pipeline in the U.S., transporting 100 million gallons or 2.5 million barrels per day, according to its website. Refined products include gas, diesel, home heating oil and jet fuel. The pipeline also supplies the U.S. military.

Colonial's system spans over 5,500 miles between Texas and New Jersey, connecting refineries on the Gulf Coast to more than 50 million people in the southern and eastern U.S., according to the company.

Colonial Pipeline is privately held by five entities: CDPQ Colonial Partners, IFM (U.S.) Colonial Pipeline 2, KKR-Keats Pipeline Investors, Koch Capital Investments Company, and Shell Midstream Operating.

Fuel market impact

John Kilduff, a partner at Again Capital in New York, said the U.S. will see spot shortages of gasoline, diesel and jet fuel develop rapidly if the outage persists.

"It appears that it was a ransomware attack, rather than a state actor, but it highlights the significant software vulnerability across the industry," Kilduff said. "If there's is not a resumption of operations by tomorrow night or at least some clarity on a resumption, gasoline prices will skyrocket on the open of trading Sunday night."

Andy Lipow, president of Texas-based Lipow Oil Associates, said an outage that last one to two days would cause some minor inconveniences and that more widespread impact would occur after four to five days of shutdown.

Microsoft and Amazon call for regulation as crypto laundering grows
VIDEO3:1803:18
Microsoft and Amazon call for regulation as crypto laundering grows

There could be potential sporadic outages as well if a specific terminal was relying on a delivery today or tomorrow and that is now delayed, Lipow said.

"Unlike the February freeze or hurricane, refineries are still in operation turning crude into gasoline, jet and diesel. They just can't get it to the terminals," Lipow said. "An extended colonial pipeline outage will force refiners to reduce their operating rates as inventory in the refinery fills up."

"While they may not be able to ship it to Colonial, the refineries will certainly be able to continue shipping to the Midwest markets," Lipow said.

Federal response

The Biden administration in April announced a 100-day plan to protect the country's electric system supply chain from cyberattacks amid growing concerns over how vulnerable the U.S. power supply is to cyber threats.

The Federal Energy Regulatory Commission, which oversees interstate pipelines, said it is aware of the cyberattack and is monitoring the situation.

 "We are aware of what appears to have been a serious cyberattack on the Colonial Pipeline system," Chairman Richard Glick said in a statement to CNBC. "FERC is in communication with other federal agencies, and we are working closely with them to monitor developments."

The U.S. Department of Energy is coordinating with Colonial Pipeline, the energy sector, states and interagency partners to support response efforts, according to an agency spokesperson.

"DOE is also working closely with the energy sector coordinating councils and the energy information sharing and analysis centers, and is monitoring any potential impacts to energy supply," the spokesperson told CNBC.

Eric Goldstein, executive assistant director of the cybersecurity division at the Cybersecurity and Infrastructure Security Agency, said the agency is working with Colonial Pipeline and interagency partners.

"This underscores the threat that ransomware poses to organizations regardless of size or sector," Goldstein said.

CrowdStrike CEO says 2020 was the worst year on record for cyberattacks
VIDEO0:0000:00
CrowdStrike CEO says 2020 was the worst year on record for cyberattacks