SecurityWeek

Colonial Pipeline Struggles to Restart After Ransomware Attack

Operators of the Colonial Pipeline are struggling to get fuel flowing at normal capacity after a cyberattack forced a shutdown of the distribution system, the largest refined products pipeline in the United States.

The Colonial Pipeline Company was the victim of a ransomware attack that prompted the company to halt all pipeline operations on Friday.

The company said Sunday evening that it was developing a system restart plan, but that some smaller lateral lines between terminals and delivery points are now operational. 

Colonial’s mainlines (Lines 1, 2, 3 and 4) remain offline as of Sunday night.

“We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations,” the company said in a statement.

“At this time, our primary focus continues to be the safe and efficient restoration of service to our pipeline system, while minimizing disruption to our customers and all those who rely on Colonial Pipeline. We appreciate the patience and outpouring of support we have received from others throughout the industry.”

The Colonial Pipeline is the largest refined products pipeline in the United States, transporting more than 100 million gallons of fuel daily through a pipeline system that spans more than 5,500 miles between Houston, Texas and Linden, New Jersey. 

The pipeline operator is reportedly working with FireEye on the incident response and investigation. 

“The initial information available from Colonial Pipeline and the press coverage seems to indicate that they had the processes in place to detect and contain this type of attack – before it had an opportunity to be exploited further and cause more damage,” Edgard Capdevielle, CEO of Nozomi Networks, told SecurityWeek. “I’m sure there will be a financial impact for having to take systems offline in this containment, but imagine an attack where they didn’t have the systems and processes in place and they lost control of their business for an extended period of time. It would make the cost of proactively taking things offline look like a rounding error.”

Not without warning

The incident comes just days after the U.S. National Security Agency (NSA) released a cybersecurity advisory focusing on the security of OT systems, particularly in terms of connectivity to IT systems.

Last year, the NSA and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert urging critical infrastructure operators to take immediate measures to reduce the exposure of OT systems to cyberattacks. 

In 2019, an audit from the Government Accountability Office (GAO) showed that the U.S. Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) needed to address weaknesses in the management of key aspects of its pipeline security program.

In 2014, several natural gas pipeline operators in the United States were affected by a cyberattack that hit a third-party communications system, but the incident did impact operational technology.

Following a review of how the TSA manages its pipeline security program, the GAO made a series of recommendations in December 2018 to address discovered weaknesses, which include updating pipeline security guidelines, planning for workforce needs, assessing pipeline risks, and monitoring program performance.

The Department of Homeland Security (DHS) also warned back in 2012 that malicious actors had been targeting the natural gas industry. 

Related: Cyber Attacks Targeted Key Components of Natural Gas Pipeline Systems

Related: Several U.S. Gas Pipeline Firms Affected by Cyberattack

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
