Pipeline ransomware attack: US invokes emergency transport rules to keep fuel flowing

Tankers given special permission to carry fuel to counter supply shortages due to shutdown of Colonial Pipeline.
Written by Liam Tung, Contributing Writer

The US Department of Transportation (USDOT) has invoked emergency powers in response to the Colonial Pipeline ransomware attack in order to make it easier to transport fuel by road.

The ransomware attack, disclosed late last week, impacted the pipeline company, which is responsible for supplying 45% of the East Coast's fuel, including gasoline, diesel, jet fuel, home-heating oil, and fuel for the US military.

Colonial said it is developing a system restart plan and said that while its mainlines remain offline, some smaller lateral lines between terminals and delivery points are now operational. 

SEE: Security Awareness and Training policy (TechRepublic Premium)

"Quickly after learning of the attack, Colonial proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring," the company said

In the meantime, the USDOT's Federal Motor Carrier Safety Administration (FMCSA) has issued a Regional Emergency Declaration – temporary exemptions involving laws restricting road transport of fuel, and allows drivers to work for longer.

The exemptions apply to vehicles transporting gasoline, diesel, jet fuel and other refined petroleum products to Alabama, Arkansas, District of Columbia, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas, and Virginia.

"Such emergency is in response to the unanticipated shutdown of the Colonial pipeline system due to network issues that affect the supply of gasoline, diesel, jet fuel, and other refined petroleum products throughout the affected states," FMCSA said in a statement.  

Cybersecurity experts told Reuters today that the ransomware group DarkSide is suspected to have carried out the attack on Colonial Pipeline. 

Darkside runs a ransomware-as-a-service business that other cybercrime groups can rent. It's been active since mid-2020 and although a decryptor was released in January, security firm Cyber Reason noted that the group recently released DarkSide 2.0. The group is known for encrypting, as well as stealing, some data and using the threat of its exposure on the internet as leverage for the victim to pay ransoms.

SEE: Ransomware just got very real. And it's likely to get worse

FMCSA's exemption is aimed at providing commercial tanker operators regulatory relief while directly supporting emergency efforts to patch up fuel supply shortages "due to the shutdown, partial shutdown, and/or manual operation of the Colonial pipeline system".

The shutdown of Colonial Pipeline might impact fuel prices depending on the length of the disruption. 

Gaurav Sharma, an independent oil market analyst, told the BBC that a lot of fuel is banking up at Texas refineries.

"Unless they sort it out by Tuesday, they're in big trouble," said Sharma. "The first areas to be impacted would be Atlanta and Tennessee, then the domino effect goes up to New York."  

Colonial Pipeline confirmed on Sunday it was the victim of ransomware and said it had engaged an external cybersecurity firm to assist with its recovery effort. 

Editorial standards