A cyberattack forced the temporary shut down of one of the US’ largest pipelines Friday, highlighting already heightened concerns over the vulnerabilities in the nation’s critical infrastructure.
The operator, Colonial Pipeline, said Saturday that the incident involves ransomware.
The attack comes amid rising concerns over the cybersecurity vulnerabilities in America’s critical infrastructure following recent incidents, and after the Biden administration last month launched an effort to beef up cybersecurity in the nation’s power grid, calling for industry leaders to install technologies that could thwart attacks on the electricity supply.
Colonial, which transports more than 100 million gallons of gasoline and other fuel daily from Houston to the New York Harbor, according to its website, said it learned of the cyberattack on Friday, causing them to pause operations.
“In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems,” the company said in a statement.
Colonial said it engaged a third-party cybersecurity firm to launch an investigation into the “nature and scope of this incident” and also contacted law enforcement and other federal agencies. A spokeswoman for FireEye confirmed to CNN on Saturday evening that FireEye Mandiant had been hired to manage the investigation.
The US Cybersecurity and Infrastructure Security Agency is “engaged with the company and our interagency partners regarding the situation,” Eric Goldstein, the executive assistant director of CISA’s cybersecurity division, said in a statement Saturday.
“This underscores the threat that ransomware poses to organizations regardless of size or sector,” he said. “We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”
President Joe Biden was briefed about the shutdown on Saturday morning, a White House spokesperson said.
“The federal government is working actively to assess the implications of this incident, avoid disruption to supply, and help the company restore pipeline operations as quickly as possible,” the White House spokesperson said.
A White House official said analysis is ongoing to determine whether supply might become an issue following the event. The White House is planning for a number of scenarios, the official said, and is working with state and local authorities to determine what possible steps may need to be taken to help mitigate any potential impact on supply, if needed.
Cybersecurity has been a major focus following two alarming incidents — the SolarWinds intrusion campaign by alleged Russian hackers that compromised nine US agencies and dozens of private organizations, and the Chinese-linked hack of Microsoft Exchange server vulnerabilities that exposed tens of thousands of systems worldwide — as well as a high-profile, though unsuccessful, cyberattack in Florida earlier this year that sought to compromise a water treatment plant.
Ransomware attacks have worsened over the years, with recent targets as varied as state and local governments, hospitals and police departments. The cyber attacks involve a type of malicious software that locks up a victim’s computer and renders it unusable until the victim pays off the attacker, frequently in Bitcoin.
A spokesperson for the Department of Energy said the department “is coordinating with Colonial Pipeline Company, the energy industry, states, and interagency partners to provide situational awareness and support response efforts to this incident.”
“DOE is also working closely with the energy sector coordinating councils and the energy information sharing and analysis centers, and is monitoring any potential impacts to energy supply,” the spokesperson said a statement to CNN.
Colonial said Friday that it’s “taking steps to understand and resolve this issue.”
“At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline,” the company said.
Colonial, founded in 1962, says it transports about 45% of all fuel consumed on the East Coast. The pipeline system that spans more than 5,500 miles has two main lines: one for gasoline and another for things like diesel and jet fuel.
The company also had to suspend its pipeline in 2017 when Hurricane Harvey hit the Gulf Coast. The pipeline shut down for 11 days in September 2016 due to an underground leak and in November 2016 due to a deadly fire breaking out along a section of the pipeline in Alabama.
This story has been updated with additional developments Saturday.