Hack into Colonial Pipeline shuts down major U.S. pipeline

LINDEN, NJ — The Colonial Pipeline, a 5,500-mile-long pipeline running between Linden and Houston that transfers 2.5 million barrels of jet fuel, gasoline and other refined products a day, shut down all operations on Friday, May 7, after hackers broke into some of its networks. According to a press release from the Colonial Pipeline Co., on Friday, May 7, the company learned that it was a victim of a cybersecurity attack. In response, it took certain systems offline to contain the threat, which temporarily halted all pipeline operations and affected some of its IT systems. A third-party cybersecurity firm was engaged to investigate the nature and scope of the incident, and law enforcement and other federal agencies were contacted.

According to the press release, by Sunday, May 9, the company was developing a system restart plan. While the main lines — lines 1, 2, 3 and 4 — remain offline, some smaller lateral lines between terminals and delivery points are now operational. The company says it is in the process of restoring service to other laterals and will bring its full system back online only when it believes it is safe to do so, in compliance with the approval of all federal regulations.

On Monday, May 10, at 12:25 p.m., Colonial Pipeline Co. released a statement that it was dedicating vast resources to restore pipeline operations quickly and safely. Segments of the pipeline were to be brought back online in a step-by-step fashion, in compliance with relevant federal regulations and in close consultation with the Department of Energy. The goal is to substantially restore operational services by the end of the week. Actions taken by the federal government to issue a temporary hours-of-service exemption for motor carriers and drivers transporting refined products across Colonial’s footprint should help alleviate local supply disruptions.

An emergency declaration from the Department of Transportation is intended to increase alternate transportation routes for oil and gas. It lifts regulations on drivers carrying fuel in 17 states across the southern and eastern parts of the United States, including Washington, D.C., which allows them to drive between fuel distributors and local gas stations on more overtime hours and less sleep than federal restrictions normally allow. The emergency order extends through Tuesday, June 8, and can be renewed.

On Monday, May 10, the FBI issued a statement confirming that a group of so-called professional hackers called Darkside had hacked the Colonial network, downloaded 100 gigabytes of data and demanded payment of a ransom to hand back control, according to a report from Reuters. Colonial responded by shutting its entire system down, rather than allowing cyberterrorists to cause even more damage to the system. According to Reuters, the cloud storage system to which the hackers uploaded the stolen data was taken offline, preventing Darkside from accessing it.

Colonial is reportedly working with FireEye, a cybersecurity company headquartered in Milpitas, Calif., to root out the hackers, who, according to Darkside’s own website, are not terrorists but opportunists trying to make money. Jason Gabelman, director of Energy Equity Research at Cowen and Co., a multinational independent investment bank and financial services company, said inventories of oil in storage will help manage disruptions in the near term.