The ransomware attack on Colonial Pipeline over the weekend is the type of event that should keep executives of any company operating critical infrastructure assets awake at night. With the virus first detected in their system on Friday, the liquids pipeline system (which accounts for about 45% of the fuel consumed on the East Coast) was forced to completely cease operations almost immediately to limit the spread across their various operational and control systems. As of today, the pipeline indicates they are slowing bring various bits and pieces of the system back up, but they haven’t yet been able to give a timeline for when the system would be back in full operation. Until then, petroleum liquids, including gasoline, diesel and jet fuel continues to pile up in storage awaiting trucks to move from refineries to various customers and distributors from Houston to New York.
The group behind the attack, called DarkSide, which apparently operates from Russia, seemed a bit surprised that their software was as effective as it was. After the US federal government issued a rare emergency declaration, DarkSide issued a statement that said it wasn’t their intent to bring the whole system down and declared themselves to be non-political. However, it would appear to be a little too late to backpaddle from their “success” as there is no doubt that the US government will ramp up countermeasures to try to stop the group from inflicting further damage on US infrastructure, though clearly those efforts to date have not been successful at stopping all such events.
Though the disruptions caused by the attack will temporary, it is somewhat shocking that these types of events do continue to occur. If there is a silver lining, its that it was not a natural gas pipeline system that fell victim to the attack. Being a liquids pipeline, transporters and markets for the fuels all have some level of storage capacity at the end points of the system, providing the capability to continue to operate their refineries, fuels racks or airport fuel farms for some days while waiting on trucks to replace the lost pipeline capacity. If a similar attack had occurred to a natural gas pipeline, the impact would have been far more severe as there is very limited or no capacity to store gas at all the various power plants, factories, utilities and residences that rely on “just in time” delivery of natural gas. Should one of the large interstate pipelines be effected in a similar manner in the future, the economic and social impacts could be huge, particularly if that pipeline were down for multiple days or even a week or more as may be the case with Colonial.
There will be a number of questions that must be examined and lessons learned in the aftermath of this event, but the biggest are: How did the virus infect Colonial’s systems and what could have been done to prevent it from getting there and/or propagating? No doubt Colonial believed they were doing everything they could to prevent such an attack, but clearly it wasn’t enough…and the knowledge that it wasn’t is what should be causing alarm bells to ring throughout the energy industry.