The country’s largest fuel pipeline operator, Colonial Pipeline, fell victim to a cybersecurity attack targeting ransomware on Friday, forcing the company to temporarily suspend all pipeline operations, the company said in a statement on Saturday.
The company hired an outside cybersecurity firm to investigate the incident and reached out to law enforcement and other federal agencies. The cyber attack also affected some of its IT systems.
The Colonial Pipeline, which carries nearly half of the east coast’s fuel supplies, said it was “taking steps to understand and solve this problem.”
“Right now, our main focus is on the safe and efficient restoration of our service and our efforts to get back to normal operations,” said a company statement.
“This process is already underway and we are working diligently to address this issue and minimize disruption for our customers and those who depend on Colonial Pipeline,” the company said.
Colonial operates the largest refined product pipeline in the United States, according to its website, shipping 2.5 million barrels a day. Refined products include gas, diesel, heating oil, and jet fuel.
Colonial’s system spans more than 5,500 miles between Texas and New Jersey, connecting refineries on the Gulf Coast to more than 50 million people in the southern and eastern United States, the company said.
The Federal Energy Regulatory Commission, which oversees interstate pipelines, said it was aware of the cyberattack and is monitoring the situation.
“We are aware that it appears to be a serious cyber attack on the Colonial Pipeline system,” said chairman Richard Glick in a statement to CNBC. “FERC is in communication with other federal agencies and we are working closely with them to monitor developments.”
The Biden government announced a 100-day plan in April to protect the country’s electrical systems supply chain from cyberattacks amid growing concerns over the vulnerability of U.S. power supplies to cyber threats.
A US Department of Energy spokesman said the department is coordinating with Colonial Pipeline, the energy sector, states and interacting partners to support the response effort.
“DOE also works closely with the coordination councils of the energy sector and the centers for the exchange and analysis of energy information and monitors possible effects on the energy supply,” the spokesman told CNBC.
Andy Lipow, president of Lipow Oil Associates, based in Texas, said an outage that would last a day or two would cause some minor inconvenience and greater impact after four to five days of shutdown.
There could also be possible sporadic outages if a certain terminal was dependent on a delivery today or tomorrow and this is now delayed, said Lipow.
“Unlike the February frost or the hurricane, refineries are still operating, converting crude oil into gasoline, jet and diesel. They just can’t get it to the terminals,” said Lipow. “Prolonged colonial pipeline downtime will force refineries to lower their operating rates as refinery stocks fill up.”
“While they may not be able to ship it to Colonial, the refineries will certainly continue to ship to the Midwestern markets,” said Lipow.
John Kilduff, a partner at Again Capital in New York, said that if the outage persists, gasoline, diesel, and jet fuel shortages will quickly emerge in the United States.
“It appears that it was more of a ransomware attack than a state actor, but it shows the significant security flaw across the industry,” said Kilduff. “If there is no resumption of operations or at least no clarity about a resumption by tomorrow evening, gasoline prices will skyrocket on Sunday evening.”
Colonial Pipeline is privately owned by five companies: CDPQ Colonial Partners, IFM (US) Colonial Pipeline 2, KKR-Keats Pipeline Investors, Koch Capital Investments Company, and Shell Midstream Operating.