Cyberattack Takes US Pipeline Operator Offline

A cyberattack has taken a major US pipeline operator offline. 

In a statement, Colonial Pipeline said it was “the victim of a cybersecurity attack.” It has taken “certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems.”

The company did not elaborate on what happened. It’s alerted law enforcement and other federal agencies and hired a cybersecurity firm to investigate the breach. But the Washington Post reports that Colonial is victim of a ransomware attack, which means the company was likely hit by malware that has locked its systems, with hackers demanding money to unlock them.

A federal source tells the Post that it’s too early to tell who attacked Colonial.

“Colonial Pipeline is taking steps to understand and resolve this issue,” the company said in its statement. “At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline.”

Colonial operates a 5,500-mile pipeline system between Houston, Texas, and Linden, New Jersey, and says it transports more than 100 million gallons of fuel each day. According to the New York TimesNew York Times, much of that fuel goes into huge storage tanks, so this attack is “unlikely to cause any immediate disruptions.”

But ransomware and other cyberattacks on critical infrastructure are a growing concern. Cities large and small have paid ransoms to unlock their systems, as have hospitals. Experts generally warn against these payouts, as there’s no guarantee payment will result in the restoration of access. The Treasury Department last year also warned that ransomware payouts could violate US sanctions.

Some of these attacks are inside jobs from disgruntled employees, or pulled off by hackers looking for a payday. But the bigger worry is that a nation-state like Russia, China, or Iran has breached critical systems and has the power to disrupt water, power, and gas.

The recent SolarWinds hack, for example, was pulled off by Russia, according to US officials, while Chinese state-sponsored hacking groups are reportedly exploiting big vulnerabilities in Microsoft Exchange Server.

Last month, the Department of Justice indicted a 22-year-old Kansas man for trying to tamper with the local water supply after hacking into a public water system. And earlier this year, a hacker remotely accessed a water treatment plant in Florida and tried to poison the water supply, according to local police.