Major US pipeline targeted in cyber attack
The Colonial Pipeline ships gasoline and jet fuel from the Gulf Coast of Texas to the populous East Coast through 5,500 miles (8,850 kilometers) of pipeline, serving 50 million consumers.
In a statement, the company said that on Friday it was the “victim of a cybersecurity attack” and that in response it took its systems offline.
This “temporarily halted all pipeline operations, and affected some of our IT systems,” the company said.
It gave no details of what the attack entailed, but it is not thought to have caused any immediate disruptions.
Colonial, based in the southern state of Georgia, is the largest pipeline operator in the United States by volume, transporting 2.5 million barrels of gasoline, diesel fuel, jet fuel and other refined petroleum products per day.
The operator said it had hired a cybersecurity firm to investigate and contacted federal law enforcement authorities.
But the attack prompted calls from cybersecurity experts for improved oversight of the industry to better prepare for future threats.
“This attack is unusual for the US. But the bottom line is that attacks targeting operational technology—the industrial control systems on the production line or plant floor—are becoming more frequent,” said Algirde Pipikaite, cyber strategy lead at the World Economic Forum’s Centre for Cybersecurity.
“Unless cybersecurity measures are embedded in a technology’s development phase, we are likely to see more frequent attacks on industrial systems like oil and gas pipelines or water treatment plants.”
Eric Goldstein, an executive assistant director at the US Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security, said CISA was “engaged” with the company over the situation.
“This underscores the threat that ransomware poses to organizations regardless of size or sector. We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats,” he said.
The US was rocked in recent months by news of two major cybersecurity breaches—the massive SolarWinds hack that compromised thousands of US government and private sector computer networks and was officially blamed on Russia; and a potentially devastating penetration of Microsoft email servers.
The latter is believed to have affected at least 30,000 US organizations, including local governments, and was attributed to an aggressive Chinese cyberespionage campaign.
Both breaches appeared to be aimed at stealing emails and data but they also created “back doors” that could allow attacks on physical infrastructure, according to The New York Times.