Signage is displayed on a fence at the Colonial Pipeline Co. Pelham junction and tank farm in Pelham, Alabama, U.S., on Monday, Sept. 19, 2016.
Luke Sharrett | Bloomberg | Getty Images
The country’s top fuel pipeline operator Colonial Pipeline fell victim to a cybersecurity attack on Friday that involved ransomware, forcing it to temporarily shut down all pipeline operations, the company said in a statement on Saturday.
The firm has hired a third-party cybersecurity firm to launch a probe into the incident and has contacted law enforcement and other federal agencies. The cyberattack has affected some of its IT systems too.
Colonial Pipeline, which transports nearly half of the East Coast’s fuel supply, said it is “taking steps to understand and resolve this issue.”
“At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation,” the company said in a statement.
“This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline,” the company said.
Colonial Pipeline is the largest refined products pipeline in the country, transporting 100 million gallons or 2.5 million barrels per day, according to its website. Its system spans over 5,500 miles between Texas and New Jersey. Refined products include gasoline, diesel, home heating oil and jet fuel.
The Federal Energy Regulatory Commission, which oversees interstate pipelines, said it is aware of the cyberattack and is monitoring the situation.
“We are aware of what appears to have been a serious cyberattack on the Colonial Pipeline system,” Chairman Richard Glick said in a statement to CNBC. “FERC is in communication with other federal agencies, and we are working closely with them to monitor developments.”
The Biden administration in April announced a 100-day plan to protect the country’s electric system supply chain from cyberattacks amid growing concerns over how vulnerable the U.S. power supply is to cyber threats.
A U.S. Department of Energy spokesperson said the department is coordinating with Colonial Pipeline, the energy sector, states and interagency partners to support response efforts.
“DOE is also working closely with the energy sector coordinating councils and the energy information sharing and analysis centers, and is monitoring any potential impacts to energy supply,” the spokesperson told CNBC.
Andy Lipow, president of Texas-based Lipow Oil Associates, said an outage that last one to two days would cause some minor inconveniences and that more widespread impact would occur after four to five days of shutdown.
There could be potential sporadic outages as well if a specific terminal was relying on a delivery today or tomorrow and that is now delayed, Lipow said.
“Unlike the February freeze or hurricane, refineries are still in operation turning crude into gasoline, jet and diesel. They just can’t get it to the terminals,” Lipow said. “An extended colonial pipeline outage will force refiners to reduce their operating rates as inventory in the refinery fills up.”
“While they may not be able to ship it to Colonial, the refineries will certainly be able to continue shipping to the Midwest markets,” Lipow said.
Colonial Pipeline is privately held by five entities: CDPQ Colonial Partners, L.P.; IFM (U.S.) Colonial Pipeline 2, LLC; KKR-Keats Pipeline Investors, L.P.; Koch Capital Investments Company, LLC; and Shell Midstream Operating, LLC.