Update: May 14, 2021
Colonial Pipeline operations have been partially restored as of now. However, it is still unclear when the pipeline will be fully operational. There are reports from sources that a ransom was paid to the attackers, after which much of the encrypted data could be restored, but the restoration was slower than expected.
May 09, 2021 – The Colonial cyberattack is a wake-up call to critical infrastructure operators, not only in the US but all over the world, regarding industrial cybersecurity as well as business IT cybersecurity.
Although this blog is focused on Industrial Safety, we do report on Industrial cybersecurity related incidents that might potentially lead to an Industrial incident that affects safety adversely. Some of our past news items regarding Industrial Cybersecurity are here.
Colonial Cyberattack Incident
Colonial Pipeline, a company that supplies almost 45 percent of the fuel to the US East Coast, was forced to shut down pipelines after a major ransomware cyberattack on its business (IT) systems. At the time of publishing this news, there was no clarity on when they would be able to restart operations.
(Note: To clarify, strictly speaking, prima facie, this is not an Industrial Cybersecurity/OT security incident, but an IT cybersecurity incident which has affected OT systems and caused them to be shut down, although the same could have occurred if the pipeline SCADA or a similar OT system were to get attacked.)
About Colonial Pipeline
Colonial Pipeline sources fuel from the Gulf Coast and supplies it to the US East Coast via its pipeline network. Every day, the network carries 2.5 million barrels of fuel, including diesel, gasoline and jet fuel, from the Gulf Coast to consumers mainly on the East Coast. This shutdown might affect refined fuel product availability in the coming few days if there is a delay in restarting the pipeline network.
According to online news reports, US President Joe Biden has been briefed about the incident, one of the worst in recent times on the country’s critical infrastructure.
Media Release from Colonial Pipeline
Colonial Pipeline has released a media statement, given below:
“On May 7, the Colonial Pipeline Company learned it was the victim of a cybersecurity attack. We have since determined that this incident involves ransomware. In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems. Upon learning of the issue, a leading, third-party cybersecurity firm was engaged, and they have launched an investigation into the nature and scope of this incident, which is ongoing. We have contacted law enforcement and other federal agencies.
Colonial Pipeline is taking steps to understand and resolve this issue. At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline”.