Week Ending May 14, 2021

Colonial Pipeline Restoring Service as Implications of Shutdown Are Sorted Out

This Article Appears as Published in Foster Report No 3349

The importance of pipelines became clear to millions of Americans in the wake of the shutdown of Colonial Pipeline’s system for less than a week. Because Colonial is such a major transporter of gasoline and refined fuel products to large markets, the outage following a ransomware attack May 7 had consumers and government agencies scrambling to minimize the effects.

The economic effect and psychological toll of lines at gasoline stations in multiple states, and the frustration of drivers who could not fuel vehicles due to the pipeline outage, may recede in the coming weeks.

The Biden administration is seeking to limit any political fallout, noting that multiple government agencies stepped up to address the situation and ease the effects on consumers in the Southeast and East Coast. President Joe Biden and administration officials continuously updated the nation on the Colonial situation and took several steps to try to calm the storm of gasoline supply issues on the East Coast, with multiple agencies issuing rulings to ease the supply situation.

Colonial on May 13 said it restarted the entire pipeline system, and that product deliveries began to all markets served by the pipeline. “Following this restart, it will take several days for the product delivery supply chain to return to normal. Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during this start-up period,” the company said.

Colonial vowed to transport as much gasoline, diesel, and jet fuel as is safely possible until markets return to normal.

Biden and multiple cabinet members from the Department of Energy, Department of Transportation, Environmental Protection Agency, Department of Homeland Security (DHS) and other agencies discussed the ransomware attack and the effect on Colonial’s system over multiple days as fuel storage tanks were emptied and gasoline stations had no fuel. “I know seeing lines at the pumps or gas stations with no gas can be extremely stressful,” Biden said. He and others urged drivers not to hoard gasoline and cautioned that the restart of pipeline operations does not mean supplies will refill immediately.

White House Press Secretary Jen Psaki said the restart is good news, meaning that “there’s an end in sight for the supply disruptions” that have affected multiple states. As Colonial resumes pipeline operations in the coming days “we will stay in close contact with the company and will continue to offer any assistance needed, as we have done since the outset of this shutdown,” Psaki said May 13.

Among the government efforts was a temporary and targeted waiver of the Jones Act, which enabled ship transport of fuel by a non-U.S. flagged vessel between Gulf Coast and East Coast ports, Psaki and others noted. DHS Secretary Alejandro Mayorkas issued a May 12 statement on the waiver for an individual company, which was not identified. On May 13, Argus reported that Valero received the waiver, citing unnamed shipping sources, noting that other companies had booked foreign vessels in case the Colonial outage extended and additional waivers could be sought.

When U.S.-flagged vessels are not available to meet national defense requirements, DHS can grant a waiver of the Jones Act if the proposed shipments are deemed necessary in the interest of national defense, Mayorkas noted. “The decision to approve the waiver was made after careful consideration and consultation with interagency partners across the federal government,” he said. DOT, DOE and the Defense Department were consulted to assess the justification of the waiver, Mayorkas said.

Colonial informed the FBI and engaged a cyber investigation firm when it shut down the pipeline following the ransomware attack. It shut down the pipeline to isolate its information technology (IT) segment and protect pipeline operations, the company said. Media outlets reported that the shutdown also was needed to protect systems that deal with shipper payments.

The shutdown began on the evening of May 7. Some parts of the Colonial system were being brought back into service by May 11, though the mainline segments remained offline until late in the day May 13. “To restore service, we must work to ensure that each of these systems can be brought back online safely,” the company said May 10, adding that it will be executing a phased-in approach to bring pipeline operations back to service.

While Colonial is a major gasoline and refined products pipeline delivering fuels to the Southeast and Northeast, storage tanks have been used and there were no supply shortages early in the week, said Homeland Security Advisor and Deputy National Security Advisor Elizabeth Sherwood-Randall. She and Anne Neuberger, deputy national security advisor for cyber and emerging technologies at DHS, spoke at a White House briefing. Federal agencies are working to mitigate the effects of the Colonial shutdown, preparing for multiple contingencies and warning natural gas pipelines and others of cybersecurity precautions to take, Neuberger and Sherwood-Randall said.

The FBI on May 10 confirmed that the Darkside ransomware is responsible for the cyber attack on Colonial’s networks. The ransomware “is a new and very troubling variant” that the FBI has been monitoring, Neuberger said.

At this point in the investigation, there are no signs of ties to any particular nation for the cyber intrusion, and the government is treating the incident as a criminal act, Neuberger said. In the past, the FBI has advised companies not to pay ransoms for such incidents because it does not want to encourage the rise of ransomware attacks. However, agencies know that companies are in a difficult position and there is a “troubling trend” of hackers targeting companies that have insurance or vulnerabilities that could be exploited, she said.

Citing unnamed sources, Bloomberg on May 13 reported that Colonial paid nearly $5 million to the ransomware hackers.

Neuberger said Colonial was very careful to shut down the pipeline to isolate the cyber intrusion from affecting operations. Steps to isolate IT systems to limit the spread of ransomware within an entity are imperative.

Neuberger and Sherwood-Randall noted that the incident highlights how much of America’s critical infrastructure is controlled by the private sector, making cooperation and coordination on cyber protections so important.

DHS, DOE and the other agencies involved are taking a “whole of government approach” to investigate the incident and the culprits, including sharing information with critical infrastructure owners in the oil, natural gas and electric utility sectors. DOE will be holding phone calls with energy industry leaders, the officials said during the briefing.

Colonial is using a third-party service to conduct its own investigation and follow-up actions, and the federal government is pleased the company is confident it can address the situation, Neuberger said.

Colonial provided updates throughout the weekend, and on May 10 noted that the situation “remains fluid and continues to evolve.” The company has a goal of substantially restoring service by the end of the week, and it believes storage tanks and other facilities along its pipeline network can supply products to Colonial customers for local deliveries.

Headlines in several states showed gasoline stations out of fuel and drivers converging on stations once the pipeline outage extended for several days.

DOT issued an emergency waiver to allow truck drivers hauling gasoline and other fuels to work beyond daily time limits in 18 states and the District of Columbia to ensure supplies can be delivered during the emergency conditions of Colonial being shut down.

Gasoline prices fluctuated in some regions due to the pipeline outage, though drivers were encouraged not to panic-buy fuel, which would exacerbate supply/delivery issues. The Southeast was most affected in the wake of the incident, market analysts said May 9.

Colonial’s main pipeline system delivers more than 1 million barrels/day from the Houston area into the Southeast and up the East Coast, terminating at Linden, New Jersey. It includes four pipelines, all of which remain shut at mid-day May 10. While Colonial is a major supplier of gasoline and refined products to the East Coast, Plantation Pipeline is a smaller system that has continued to operate and deliver fuel to East Coast markets, noted Patrick DeHaan, head of petroleum analysis at GasBuddy.

When Colonial was out of service, refiners in the Gulf Coast region were making contingency plans to deal with excess supplies that could not be transported by Colonial. Because refineries take several days or longer to stop and then resume operations, refining companies like Valero were likely among the firms to seek Jones Act waivers or alternative transportation options, market sources said. The effect of the shutdown on the refining sector and the consuming public shows how certain critical pipeline facilities are targets for ransomware and cyber crimes, officials in the industry and government said.

In its May 10 update, Colonial said although the four mainline pipe segments remain out of service, smaller lateral pipelines between storage tanks and delivery points were operating.

“Our primary focus continues to be the safe and efficient restoration of service to our pipeline system, while minimizing disruption to our customers and all those who rely on Colonial Pipeline. We appreciate the patience of the traveling public and the support we have received from the Federal Government and our peers throughout the industry,” Colonial said.

FERC Commissioner Neil Chatterjee posted on Twitter that the ransomware attack on Colonial is a reminder of the threats facing critical energy infrastructure. He included a link to a joint OpEd he wrote in 2018 with then-Commissioner Richard Glick about rethinking the voluntary approach to cybersecurity at the Transportation Security Administration.

On Capitol Hill, lawmakers said the incident shows infrastructure vulnerabilities and underscores the need for enhanced cybersecurity protections. Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wisc.), co-chairs of the Cyberspace Solarium Commission, issued a statement that they are disappointed but not surprised by the cyber attack that shut down Colonial operations. The incident “is a clear example of the need to create a new social contract between the federal government and systematically important critical infrastructure,” King and Gallagher said.

Critical infrastructure such as the power grid and other assets are targets for nation-state adversaries and criminal actors, the lawmakers said. “It is well past time for the federal government to enhance its partnership with these entities and ensure these companies are executing their security responsibilities effectively,” they wrote.


By Tom Tiernan ttiernan@fosterreport.com

