Colonial Pipeline posted cybersecurity job opening before attack

Colonial Pipeline, the United States firm at the centre of a major ransomware attack that has led to worsening petrol shortages and fuel hikes across the country, posted a job opening for a cybersecurity manager weeks before the hack forced the pipeline offline.

The job posting for Colonial’s “manager of cybersecurity” was still live on its website on Wednesday as the company announced the pipeline would restart five days after the cyberattack.

In the posting, Colonial described the Alpharetta, Georgia-based position as being “accountable for managing a team of cyber security certified subject matter experts and specialists including but not limited to network security engineers, SCADA & field controls network engineers and a cyber security architect”.

The role called for a “self-motivated” person with a bachelor’s degree in computer science, information security or a related field or a combination of work experience and education, according to the posting. Candidates would ideally have five or more years of technical experience in addition to five or more years of practical experience.

“As the Manager, you will lead the development of the enterprise strategy for cybersecurity; will oversee the development of standards and processes for cyber security; lead the recovery from security incidents; and guide forensics of incidents,” the posting stated. “You are someone who has an understanding of emerging security threats in order to design security policies and procedures to mitigate threats where possible.”

Colonial Pipeline describes itself as the largest refined products pipeline in the US, responsible for transporting 2.5 million barrels per day of various grades of gasoline, diesel fuel, home heating oil, jet fuel and fuels for the US military along 5,500 miles of underground pipe.

It said in a statement that the job posting was not connected to the cyberattack.

“The cybersecurity position was not created as a result of the recent ransomware attack,” the company said in an email to Bloomberg news. “We have several positions open as part of our longer-term growth strategy around talent, as we are constantly recruiting top-tier talent across all functional areas of our business.”

The company said it transports about 45 percent of all fuel consumed on the densely populated East Coast, providing fuel to 50 million Americans.

On Saturday, Colonial issued a statement confirming it was “the victim of a cybersecurity attack” and that the incident involved ransomware.

Ransomware is a type of malware that encrypts data, locking legitimate users out of systems until a ransom is paid.

The company said it “proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems” and engaged a third-party cybersecurity firm as well as law enforcement and federal agencies.

On Monday, the FBI confirmed the pipeline attack had been carried out by a criminal gang called DarkSide.

“The FBI confirms that the Darkside ransomware is responsible for the compromise of the Colonial Pipeline networks,” the FBI said a statement. “We continue to work with the company and our government partners on the investigation.”

Colonial said on Monday it was working towards “the goal of substantially restoring operational service by the end of the week”.

Days later, however, the majority of the pipeline was still offline and fuel shortages have swept parts of the US, with drivers in some states lining up for hours to fill up their tanks or finding “no fuel” signs attached to their local pumps.

At least four US governors, in Virginia, Florida, North Carolina and Georgia, have declared states of emergency in response to the shortages.

The national average retail price of petrol hit a six-year high on Wednesday, standing at just over $3 per gallon, according to data from the motorist organisation AAA.

Even as Colonial restarts pipeline operations on Wednesday, US Energy Secretary Jennifer Granholm acknowledged it would take several more days to “ramp up operations” and about two weeks for fuel stored in Houston, Texas to make it to East Coast filling stations.