Colonial Pipeline Co.—which operates the 5,500-mile Colonial Pipeline system taking fuel from the refineries of the Gulf Coast up to the New York metro area—said it learned Friday that it was the victim of the attack and “took certain systems offline to contain the threat, which has temporarily halted all pipeline operations.”
The company said it had engaged a third-party cybersecurity firm to help with the issue, which affected some of its IT systems, and had contacted federal agencies and law enforcement.
The company said in a statement:
Colonial Pipeline is taking steps to understand and resolve this issue. At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline.
The Colonial Pipeline is the largest refined-products pipeline in the U.S., transporting more than 100 million gallons per day, or roughly 45% of fuel consumed on the East Coast, according to the company’s website. It delivers fuels including gasoline, diesel, jet fuel and heating oil and also serves U.S. military facilities.
As the F.B.I., the Energy Department and the White House delved into the details, Colonial Pipeline acknowledged that its corporate computer networks had been hit by a ransomware attack. The company said it had shut the pipeline itself, a precautionary act, apparently for fear that the hackers might have obtained information that would enable them to attack susceptible parts of the pipeline.
Administration officials said they believed the attack was the act of a criminal group, rather than a nation seeking to disrupt critical infrastructure in the United States. But at times, such groups have had loose affiliations with foreign intelligence agencies and have operated on their behalf.
The shutdown of such a vital pipeline, one that has served the East Coast since the early 1960s, highlights the vulnerability of aging infrastructure that has been connected, directly or indirectly, to the internet. In recent months, officials note, the frequency and sophistication of ransomware attacks have soared, crippling victims as varied as the District of Columbia police department, hospitals treating coronavirus patients, and manufacturers, which frequently try to hide the attacks out of embarrassment that their systems were pierced.