A devastating ransomware attack left Colonial Pipeline out of service for six days, and fuel stations in many US states are experiencing shortages

Colonial Pipeline storage tanks 2

(Credit: Colonial Pipeline)

Colonial Pipeline has confirmed a restart of its operations following a crippling ransomware hack that left its network offline for six days – but supply disruption is likely to persist as services get back up to speed.

The company said it began the first step of the restart process at around 5pm Eastern Time on Wednesday (12 May), and will “move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal”.

Panic buying in several US states over the past few days pushed fuel prices to their highest in years, while many regions have been affected by supply shortages.

National average gasoline prices surpassed $3 per gallon this week for the first time since 2014 as consumers rushed to fill up their tanks.

Gasoline pumps at almost three quarters (74%) of fuel stations in North Carolina have now run dry, while the same is true for around 50% of forecourts in Georgia, Virginia and South Carolina, according to the latest data compiled by GasBuddy.

GasBuddy analyst Patrick De Haan said on Twitter that regional outages are expected to peak in the next couple of days before starting to fall.

“I’m optimistic the situation will resolve quickly,” he wrote. “Motorists could help the situation by holding off for a day or two to let stations refuel faster. This is terrific news ahead of what is likely to be a very hot summer for demand.

“As was hoped, Colonial overestimated its restart date and now finally Americans can have some peace of mind that gasoline, diesel and jet fuel will begin flowing to affected areas once again.”

Colonial Pipeline had said on Monday that it hoped to “substantially restore” operations by the end of this week.

A ransomware attack last Friday (7 May) forced the Georgia-based company to shut down its entire infrastructure network, prompting a major federal investigation.

It runs the largest refined products pipeline in the US, stretching 5,500 miles from Houston, Texas to Linden, New Jersey – normally transporting more than 2.5 billion barrels each day from Gulf Coast refineries.

Around 45% of the fuel products used on the US East Coast flow through the sprawling network, including gasoline, diesel, jet fuel, home heating oil and fuel used by the US military.


Disruption expected for ‘several days’ after Colonial Pipeline restart

While the restart of Colonial Pipeline is welcome news, supply disruptions are expected to continue for a while longer.

The company said: “It will take several days for the product delivery supply chain to return to normal. Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the start-up period.”

Speaking at a White House press briefing earlier in the week, US energy secretary Jennifer Granholm, whose department has been co-ordinating the federal government’s response to the incident, confirmed as much, saying “it will take a few days to ramp up operations” after the restart is made.

She added: “This pipeline has never been shut down before. It travels great distances, there’s fuel in the pipe and then there’s offtake from the refineries that has to be added. So it will take a few days to be up and running.”

In an update yesterday before the restart was made, Colonial Pipeline said it had taken delivery of an additional two million barrels ready for deployment.

It added that, since the breach, it has worked with shippers to deliver around 967,000 barrels to destinations along its network.

colonial pipeline restart
Map of the Colonial Pipeline (Credit Colonial Pipeline)

A briefing from the US Energy Information Administration (EIA) notes that fuel travels through the pipeline at around five miles per hour, so some markets may need to rely on inventories “for several days” even after full service is restored.

“Federal and state governments have issued regulatory waivers and notices to loosen restrictions on trucked shipments of petroleum products,” it added.

These have included a temporary easing of restrictions on driver hours for trucks delivering fuel by road in several affected states, as well as an emergency short-term waiver on certain seasonal fuel regulations.

Late yesterday, the US administration approved a temporary waiver to the Jones Act, enabling non-US-flagged maritime cargo vessels to transport fuel between the country’s ports.

US secretary of homeland security Alejandro Mayorkas said: “This waiver will help provide for the transport of oil products between the Gulf Coast and East Coast ports to ease oil supply constraints as a result of the interruptions in the operations of the Colonial Pipeline.”

He added the decision was made after “careful consideration and consultation” with inter-agency partners across the federal government, including the departments of energy, transport and defense.


Cybersecurity in the spotlight

Earlier this week, the FBI identified a hacking group known as DarkSide as being responsible for the cyber-attack.

Cybersecurity experts say the group is known for offering ransomware-as-a-service – meaning it sells encryption tools enabling others to hack into IT systems with the intention of locking out the user and collecting a pay-off for returning control.

The group is reported to have released a statement after the attack on Friday claiming to be “apolitical” and only interested in making money, “not creating problems for society”.

It added that it would “introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future”.

The incident brings into sharp focus the issue of cyber-resilience across critical infrastructure and the vulnerability of energy systems to hacking attempts.

Secretary Granholm said: “It’s a reminder that we need to take a hard look at how we need to harden our necessary infrastructure – and that includes cyber threats.”

On Wednesday, President Biden signed an executive order aimed at improving cybersecurity across the federal government and national infrastructure.

A White House briefing said it is the “first of many” steps the government plans to take to modernise its cyber defenses, but added that “the Colonial Pipeline incident is a reminder that federal action alone is not enough”.

“Much of our domestic critical infrastructure is owned and operated by the private sector, and those private sector companies make their own determination regarding cybersecurity investments,” the briefing stated.

“We encourage private sector companies to follow the federal government’s lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimising future incidents.”