The largest fuel pipeline in the United States was hit by a cyberattack on Friday. The company which controls the equipment, Colonial Pipeline, issued a statement admitting it had been forced to temporarily shut down the conduit’s operation. As of Monday morning, all four main lines remain unusable and unable to transfer fuel to cities between the pipeline’s origin at Houston-area refineries and its primary endpoint in New York harbor.
The pipeline normally transfers roughly 2.5 million gallons per day, providing almost half of the gasoline, jet fuel and diesel supplied to southern states and the east coast.
The severity of the situation has caused the Federal Motor Carrier Safety Administration to issue a one-month waiver to some regulations related to the transport of fuel. Ships and trucks, the standard methods of conveyance prior to the installation of the pipeline, are already moving to supply affected states.
There aren’t enough available ships and trucks to meet the need, however, even with the regulations temporarily lifted. Fuel prices are expected to spike in most of the affected areas, starting at 2%-3% on Monday morning and rising with successive days until the situation is resolved.
The locations which have received the regulatory waiver, allowing large quantities of fuel to move by conventional pathways, are Alabama, Arkansas, District of Columbia, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, Texas and Virginia. The other northeast states are expected to be affected as well. While the mechanisms in place to transport fuel to them have not been compromised, without fuel available at their source in New York the distribution becomes moot.
Company officials have been working to remedy the situation, but have as yet been unsuccessful. The issue has been caused by ransomware from a group named DarkSide. Software security company Acronis provides a summary of the group:
● Discovered in August 2020
● Targets only English-speaking countries, while avoiding former Soviet countries
● Does not attack hospitals, hospices, schools, universities, non-profit organizations, or government agencies
● Uses Salsa20 with the custom matrix and RSA-1024 encryption algorithms
● Ransoms range from $200,000 to $2,000,000.
DarkSide uses a two-pronged attack, simultaneously encrypting systems to lock the victim out of its software and threatening to release proprietary code and company data onto the internet unless money is paid.
By avoiding government agencies and public-interest targets which would be expected to garner disproportionate sympathy, DarkSide had not presented itself as an especially important target for law enforcement. That has changed with the Colonial Pipeline attack and the threat it poses to air and road transport. Should the shutdown continue, delays in everything from produce replenishment to mail distribution should be expected. Multiple law enforcement agencies and the Department of Energy are currently working with Colonial to restore service.