SecurityWeek

Cyberattack Forces Shutdown of Major U.S. Pipeline

Colonial Pipeline halts all fuel pipeline operations in response to ransomware attack

A cyberattack has forced an operational shutdown of the Colonial Pipeline, the largest refined products pipeline in the United States.

The Colonial Pipeline Company said late Friday that it was the victim of a cyberattack, prompting the company to proactively take certain systems offline and temporarily halt all pipeline operations. The company said the attack had impacted some of its IT systems, but did not say whether any of its operational technology (OT) systems were directly impacted.

Colonial said in an update Saturday that the incident does involve ransomware.

[Update: Colonial Pipeline Aims Recovery From Ransomware Attack by End of Week]

[Update: Colonial Pipeline Struggles to Restart After Ransomware Attack]

[Update: Cyberattack on US Pipeline is Linked to Criminal Gang]

The company has hired a third-party cybersecurity firm (reportedly FireEye), which has already launched an investigation into the nature and scope of the incident.

“Colonial Pipeline is taking steps to understand and resolve this issue,” the pipeline operator said in a statement. “At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline.”

The Colonial Pipeline is the largest refined products pipeline in the United States, transporting more than 100 million gallons of fuel daily through a pipeline system that spans more than 5,500 miles between Houston, Texas and Linden, New Jersey. 

The incident comes just days after the U.S. National Security Agency (NSA) released a cybersecurity advisory focusing on the security of OT systems, particularly in terms of connectivity to IT systems.

Last year, the NSA and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert urging critical infrastructure operators to take immediate measures to reduce the exposure of OT systems to cyberattacks. 

In 2019, an audit from the Government Accountability Office (GAO) showed that the U.S. Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) needed to address weaknesses in the management of key aspects of its pipeline security program.

In 2014, several natural gas pipeline operators in the United States were affected by a cyberattack that hit a third-party communications system, but the incident did impact operational technology.

Following a review of how the TSA manages its pipeline security program, the GAO made a series of recommendations in December 2018 to address the weaknesses it discovered, which include updating pipeline security guidelines, planning for workforce needs, assessing pipeline risks, and monitoring program performance.

Back in 2012, the Department of Homeland Security (DHS) warned that malicious actors had been targeting the natural gas industry. 

*Updated with commentary

Related: Cyber Attacks Targeted Key Components of Natural Gas Pipeline Systems

Related: Several U.S. Gas Pipeline Firms Affected by Cyberattack

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
