Colonial shut the pipeline on Friday after the company’s corporate computer systems were hit by a ransonware attack, raising fears of a spike in gasoline prices going into the peak summer driving season. News earlier Monday that the pipeline company was planning a phased restart helped tamp down an early jump in wholesale prices, but the attack on the crucial energy infrastructure has left energy markets on edge.
The company late Monday statement did not disclose what type of fuel Colonial is shipping in the stretch of pipe that runs from Greensboro, N.C., to Maryland, but it said the main lines from the refining hub near Houston to North Carolina remained shut.
“We continue to evaluate product inventory in storage tanks at our facilities and others along our system and are working with our shippers to move this product to terminals for local delivery,” the company said in a statement. It said the North Carolina-to-Maryland segment was “operating under manual control for a limited period of time while existing inventory is available.”
Meanwhile, Colonial Pipeline CEO Joseph Blount told state officials in a private meeting that supply shortages could occur even as the company seeks to restart the pipeline by the end of the week, Bloomberg News reported on Monday night. The pipeline would not resume shipments until the ransomware that infected its IT systems last week was removed, Bloomberg reported, citing a person familiar with the discussion.
Earlier on Monday, President Joe Biden said he is receiving briefings on the pipeline’s status, and that the Energy Department is working with the Georgia-based company on the restart. The FBI is investigating the attack, and the Transportation Department has lifted restrictions on truckers to help ease fuel deliveries.
“We’re prepared to take additional steps depending on how quickly the company is able to bring [the] pipeline back to full operational capacity,” he told reporters.
Biden also said there was no evidence the Kremlin was involved in the episode, but that the attack’s software came out of Russia, so “they have some responsibility to deal with this.”
The FBI confirmed on Monday that the DarkSide ransomware gang, which is based in Russia, was responsible for the compromise of the Colonial Pipeline networks.
“Our intelligence community is looking for any ties to any nation-state actors, and if we find that further information, we’ll look into it further,” Anne Neuberger, the deputy national security adviser for cyber and emerging technology, told reporters at the White House press briefing on Monday.
Wholesale gasoline prices, which had initially jumped after the attack, gave back the gains and were heading lower in Monday evening trade on the NYMEX futures market.
Colonial, which has engaged the services of leading cybersecurity firm FireEye, has not requested the government’s help in responding to the digital intrusion, Neuberger said. Asked on Monday whether that limited the government’s visibility into the threat, Neuberger said that the Biden administration was “happy that they are confident in their ability to remediate the incident.”
The Colonial hack has revitalized the debate about whether ransomware victims should pay to regain access to their data and whether the government should ban such ransom payments. The FBI and other agencies typically discourage victims from paying a ransom but also acknowledge the difficult position in which this would put them.
Neuberger declined to publicly offer advice to Colonial one way or the other during Monday’s briefing.
“We recognize that victims of cyberattacks often face a very difficult situation, and they have to balance the cost-benefit when they have no choice with regard to paying a ransom,” Neuberger said. “Colonial is a private company, and we’ll defer any information regarding their decision on paying a ransom to them.”
At Monday’s briefing, White House Homeland Security adviser Elizabeth Sherwood-Randall said the Department of Energy was talking to state and local agencies to assess fuel supplies and other impacts from the shutdown.
“There are no supply disruptions and the [DOE] is doing the analysis right now about potential supply disruption,” Sherwood-Randall said. “We’re working with other agencies to consider how, if necessary, we can move supplies to a place where it might be needed if it turns out that there is a shortfall.”
The Energy Department has also convened representatives of the oil and natural gas and electric industries to share details about ransomware attacks and recommend measures to mitigate further incidents, Sherwood-Randall said.