A tank farm along Colonial Pipeline.
© 2016 Bloomberg Finance LP
One of America’s energy jugulars, the 5,500-mile, 100 million gallon-per day Colonial pipeline network, was shut down Friday night because of what the company refers to as a “cybersecurity attack.”
The incident is ongoing, the company says, and is already under investigation by private cyber forces and federal agencies.
The alleged attack disrupts the nation’s largest gasoline and diesel fuel pipeline system, which supplies 45% of fuel supplies to the East Coast, including New York harbor and airports.
“We proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations,” said the company.
The last major disruption of the line took place following 2017’s Hurricane Harvey, which flooded Houston refineries. Gas prices on the Eastern Seaboard soon spiked. Already, since November, gasoline prices are up 80 cents on average nationwide.
Regardless of how quickly Colonial gets operations restored, “this pipeline shutdown sends the message that core elements of our national infrastructure continue to be vulnerable to cyberattack,” says Mike Chapple, a computer scientist and professor at the University of Notre Dame’s Mendoza College of Business. Even if the shut downs were made out of some abundance of caution, “that this attack compromised systems that control pipeline infrastructure indicates either the attack was extremely sophisticated or the systems were not well secured.”
Colonial Pipeline is owned by institutional investors including KKR
KKR
The attack comes in the wake of the Solarwinds
SWI
Earlier this year in Oldsmar, Florida hackers sought to take control of the municipal water system. When detected they were in the process of boosting levels of dangerous chemicals in the water supply of 15,000 homes on Florida’s west coast.
More significant in recent years have been Iran’s purported 2012 hack of Saudi Aramco systems, which destroyed 30,000 company computers, as well as more recent attacks.
And going back to 2010, perhaps the granddaddy of the industrial cyberattacks we know about — when Iran’s nuclear centerfuge operation was targetted by a computer worm program called Stuxnet believed to have been deployed by Israel and the U.S.
