A ransomware attack on the Colonial Pipeline Company forced the company to shut down all pipeline operations on Friday. The company said Sunday evening that it was working on a proposal to restart the system, but that some smaller lateral lines between terminals and distribution points were now operational. As of Sunday night, Colonial’s mainlines (Lines 1, 2, 3, and 4) were still down. “We are working to restore service to other laterals and will put our whole system back online only when we are certain that it is safe to do so and in full compliance with all federal regulations,” the company said in a statement. “At this time, our primary focus is on restoring service to our pipeline system in a secure and efficient manner, while minimising damage to our customers and all those who depend on Colonial Pipeline. We are grateful for the patience and guidance we have received from those in the industry.” The Colonial Pipeline, which runs between Houston, Texas, and Linden, New Jersey, is the country’s largest refined products pipeline, carrying more than 100 million gallons of fuel daily over a distance of more than 5,500 miles. According to Edgard Capdevielle, CEO of Nozomi Networks, “the initial information available from Colonial Pipeline and the press coverage seems to suggest that they had the processes in place to identify and contain this type of attack – before it could be exploited further and cause further damage.” “I’m sure having to take systems down in this containment would have a financial effect, but imagine an assault where they didn’t have the systems and processes in place and lost control of their company for an extended period of time. The expense of proactively taking items offline would seem to be a rounding error.” Not without prior notice The incident occurred just days after the National Security Agency (NSA) of the United States issued a cybersecurity advisory focusing on the security of OT systems, particularly in terms of connectivity to IT systems. Last year, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint warning encouraging critical infrastructure operators to take urgent steps to reduce the risk of cyberattacks on OT networks. The Transportation Security Administration (TSA) of the United States Department of Homeland Security (DHS) needed to correct shortcomings in the management of key elements of its pipeline security programme, according to a Government Accountability Office (GAO) report released in 2019. A cyberattack on a third-party communications system struck many natural gas pipeline operators in the United States in 2014, but the incident had little effect on operational technology. The GAO issued a series of recommendations in December 2018 to fix discovered vulnerabilities in the TSA’s pipeline protection programme, including updating pipeline security guidelines, preparing for personnel needs, evaluating pipeline risks, and tracking programme efficiency. In 2012, the Department of Homeland Security (DHS) issued a warning about malicious actors targeting the natural gas industry.
