Major US pipeline network shuts after ‘cybersecurity attack’

Colonial Pipeline says it temporarily halted all pipeline operations after incident involving ransomware.

This 2008 file photo shows oil storage tanks owned by the Colonial Pipeline Company in Linden, New Jersey, US [File: Mark Lennihan/AP Photo]

A major pipeline operator in the United States has been forced to shut its entire network after a cyber attack that the company confirmed on Saturday involved ransomware.

Colonial Pipeline said in a statement late on Friday that it was the victim of “a cybersecurity attack”.

“In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems,” it said.

On Saturday afternoon, the company put out a second statement confirming the “incident involves ransomware”.

Ransomware is a type of malware that is designed to lock down systems by encrypting data and demanding payment to regain access. The malware has grown in popularity over the last five years.

Colonial’s network supplies fuel from US refiners on the Gulf Coast to the populous eastern and southern United States.

The company transports 2.5 million barrels per day of gasoline, diesel, jet fuel and other refined products through 8,850km (5,500 miles) of pipelines.

Colonial Pipeline says it transports 45 percent of the east coast fuel supply.

This 2016 file photo shows cars near Colonial Pipeline in Helena, Alabama [File: Brynn Anderson/AP Photo]

“The fact that this attack compromised systems that control pipeline infrastructure indicates that either the attack was extremely sophisticated or the systems were not well secured,” said Mike Chapple, a professor at the University of Notre Dame’s Mendoza College of Business and a former computer scientist with the US National Security Agency.

“This pipeline shutdown sends the message that core elements of our national infrastructure continue to be vulnerable to cyberattack,” Chapple told Reuters.

In its statements, the company said it had hired a private security firm to investigate the hack and contacted law enforcement and US federal authorities.

“At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway,” it said.

The US was rocked in recent months by news of two major cybersecurity breaches.

The massive SolarWinds hack compromised thousands of US government and private-sector computer networks and was officially blamed on Russia; while another hack targeted Microsoft email servers.

The latter is believed to have affected at least 30,000 US organisations including local governments and was attributed to an aggressive Chinese cyber-espionage campaign.

Both breaches appeared to be aimed at stealing emails and data but they also created “back doors” that could allow attacks on physical infrastructure, The New York Times reported.

Source: News Agencies