Security Experts:

Connect with us

Hi, what are you looking for?



Regulator Proposes $1 Million Fine for Colonial Pipeline One Year After Cyberattack

Colonial Pipeline hack

Colonial Pipeline hack

One year after Colonial Pipeline was hit by a highly disruptive cyberattack, the US Department of Transportation’s Pipeline and Hazardous Materials Safety Administration (PHMSA) wants the company to pay a fine of nearly $1 million over failures that allegedly worsened the impact of the hack.

The PHMSA has proposed civil penalties of $986,000 for the operator of the largest fuel pipeline in the US for what it has described as control room management failures.

In May 2021, Colonial Pipeline was forced to shut down operations after its systems became infected with ransomware. The attack involved the Russia-linked Darkside ransomware and it had significant implications, including states declaring a state of emergency, temporary gas shortages caused by panicked motorists stocking up, and gas price hikes.

The pipeline was restarted five days after the attack was discovered. The company confirmed that it paid the cybercriminals for a tool designed to help it recover files encrypted by the ransomware, but that tool was ultimately not enough to immediately restore systems.

The PHMSA believes that “failures to adequately plan and prepare for a manual restart and shutdown operation contributed to the national impacts when the pipeline remained out of service after the May 2021 cyber-attack.”

These failures did not come to light after the 2021 cyberattack. Instead, they were found during an investigation conducted between January and November 2020. Colonial Pipeline was allegedly informed at the time about several violations of federal pipeline safety regulations, including many related to supervisory control and data acquisition (SCADA) and other industrial control systems (ICS).

Colonial told Reuters that the notice issued by the PHMSA is the first step in a multi-step regulatory process and the company is looking forward to working with the regulator. Colonial’s statement to Reuters suggests that it’s happy with the time it took to restart the pipeline following the attack.

Commenting on the first anniversary of the Colonial ransomware attack, Kudelski Security CEO Andrew Howard said, “This kind of incident is often characterized by media and security leaders as an attack on an operational technology (OT) system. Now that we understand the full details of the attack a year later, we know that while an OT-oriented company was targeted, compromised billing systems on the IT network are what created the vulnerability. The systems that actually moved and controlled oil on the pipeline were not compromised. While companies should absolutely be concerned about the security of their operational technology systems, it’s crucial not to lose sight of the IT functions in and around such systems.”

“Across our client base, we have seen a material uptick in proactive OT-related security concerns following the Colonial Pipeline hack. While this specific attack received a lot of attention, it was not the first attack of an operational technology network and certainly won’t be the last – it represents the new normal of cybersecurity attacks we’re going to see in the future,” Howard said.

Benny Czarny, founder and CEO of OPSWAT, believes the incident highlighted the need for a managed security operations center (SOC), with “operationalization of ransomware response and professional response teams and services.”

As an example, Czarny named a managed OT SOC, which provides “better performance monitoring of all systems, enforcing standard change management processes, vetting and deploying updates, and immediately reacting to any potential threats.”

Czarny added, “Organizations have also learned the need to assess both livelihood and financial risks. From a livelihood perspective, critical organizations now understand both cyber and physical risks, including prioritization of risk areas, and asset management and containment of attacks through more aggressive segmentation of critical data.

“From a financial risk perspective, Colonial Pipeline and other critical infrastructure attacks have taught organizations NOT to pay. There is no guarantee they will regain access or that data has not already been leaked or stolen. Payment also reinforces future and more sophisticated attacks—and it could be a US Sanctions Violation.”

Related: Tech Audit of Colonial Pipeline Found ‘Glaring’ Problems

Related: Colonial Pipeline Names Adam Tice as Chief Information Security Officer

Related: Industry Reactions to Ransomware Attack on Colonial Pipeline

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.


Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.