A cyberattack has forced Colonial Pipeline to halt operations of its 5,500 miles of pipeline, which transports approximately 45% of all fuel consumed on the East Coast.
What Happened on the Cyberattack?
On May 8, 2021, Colonial Pipeline had to shut down a 5,500-mile fuel pipeline from Texas to New Jersey after its network experienced a ransomware attack. This attack follows a long list of other, recent high-profile cyber attacks in recent months.
Colonial Pipeline, one of the largest pipeline operators in the U.S., released a statement saying that it took certain systems offline on Friday and temporarily halted all pipeline operations, after learning that it was a victim of a cyberattack.
Colonial has engaged a third-party cybersecurity firm to launch an investigation, and federal authorities and law enforcement have also been contacted.
“At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline,” the statement read.
This disruption could affect supplies of both gasoline and diesel fuel, according to Bloomberg.
Colonial transports approximately 45% of all fuel consumed by the East Coast. A shutdown could hit energy markets in the coming days.
The company’s pipeline transports 2.5 million barrels each day, taking refined gasoline, diesel fuel and jet fuel from the Gulf Coast up to New York Harbor through 5,500 miles of pipelines.
“It’s a serious issue,” NYT quoted Tom Kloza, analyst at Oil Price Information Service, as saying. “It could snarl things up because it is the country’s jugular aorta from moving fuel from the Gulf Coast up to New York.”
As experts in cybersecurity and officials have noted, cybercrime has been dramatically increasing since the SolarWinds attack, targeting important infrastructures such as hospitals, manufacturers, and government entities. Companies are often hesitant to disclose information about security incidents, frequently making it difficult to gauge the timeframe and scope of a cyberattack and making it even more challenging to keep networks secure.