“I’m unaware of anything approaching this magnitude in the U.S.,” said Bob McNally, president of energy consultancy Rapidan Energy, who served on the National Security Council during the George W. Bush administration. “In the U.S., this is a new escalation, a much more important attack on a vital piece of infrastructure.”
The strike against Colonial was a ransomware attack, according to a security researcher who requested anonymity to speak freely. CISA believes that the intrusion is the work of the criminal ransomware gang known as Darkside and not a nation-state, the researcher said. CISA did not immediately respond to a request for comment.
Sen. Ben Sasse (R-Neb.) said the attack is the latest indication that the government isn’t ready for potentially debilitating cyber strikes.
“There’s obviously much still to learn about how this attack happened, but we can be sure of two things: This is a play that will be run again, and we’re not adequately prepared,” Sasse said in a statement. “If Congress is serious about an infrastructure package, at front and center should be the hardening of these critical sectors — rather than progressive wishlists masquerading as infrastructure.”
Fuel imports into New York Harbor should cushion the blow for drivers in Baltimore and places north, market analysts said. But if Colonial remains down past the start of this coming week, drivers could begin to hoard fuel and prices will rise dramatically even before the normal start of the summer driving season, when prices normally increase.
“Colonial delivers products to terminals every five days,” said Andy Lipow, president of consulting firm Lipow Oil Associates. “There may be some terminals that had been depending on deliveries yesterday, today or tomorrow that will be immediately affected. But on a widespread basis, in four to five days you’ll see signs of impact, especially when consumers get wind of what’s going on and start filling up their cars.”
Colonial said it is working to restore its service and return to normal operations. In response to a request for comment, a company spokesperson said they have no additional details to provide at this time.
The FBI, the Department of Energy and Federal Energy Regulatory Commission could not be immediately reached for comment.
Improving cybersecurity in the energy sector has been a key task for several federal agencies. Last month, the DOE and CISA launched an initiative to work with industrial control system operations in the electric sector to improve cybersecurity detection.
Colonial Pipeline is the largest refined products pipeline in the United States, transporting 2.5 million barrels per day, and about 45 percent of all fuel consumed on the East Coast, including gasoline, diesel, jet fuel and heating oil.
The pipeline attack could be a litmus test for the Biden administration’s overall cyber strategy, which has been slowly taking shape. So far, officials have been keen on using sanctions and indictments to respond to major events, as seen in President Joe Biden’s executive order last month in response to the months-long SolarWinds hack on federal government agencies and about 100 companies. And the latest development has the potential to put more pressure on the Biden administration and lawmakers as they debate adding cybersecurity funding to the administration’s $2 trillion-plus infrastructure proposal, which has been scrutinized for lacking those funds.
Last year, a crack in the pipeline that went undetected for days or weeks leaked 1.2 million gallons of gasoline in a nature preserve near Charlotte, N.C. And in February, hackers gained access to a water treatment facility’s computer system near Tampa, Florida, and attempted to raise the amount of sodium hydroxide, or lye. Russian military hackers also targeted computer systems belonging to banks, energy firms, senior government officials and airports in Ukraine in June 2017 as a part of the so-called “NotPetya” cyberattack.
Sam Sabin and Eric Geller contributed to this report.