Operations along Colonial's Pipeline's 5,500-mile (8,851km) system are shut after the company experienced a cybersecurity attack yesterday.
The company notified shippers at 12:37pm ET on 7 May that the pipeline system was being impacted by network issues and then late last night confirmed the cybersecurity breach. Colonial did not give an expected time of return to full operations but said a third-party cybersecurity team was investigating the nature and scope of the attack.
To contain the threat, Colonial said it took some systems offline, which has temporarily halted all pipeline operations and has also affected the nominating system that facilitates requests to ship petroleum products on the pipeline. Colonial's pipeline system connects US Gulf coast refiners and importers to the New York Harbor market.
The company said it contacted law enforcement and is cooperating with the investigation.
Warnings about the pipeline industry's exposure to cyber attacks have been ringing for years. A February 2017 study sponsored by engineering group Siemens found that the deployment of cybersecurity measures in the US oil and gas industry was not keeping pace with the growth of digitization in operations.
After a 2018 attack on Latitude Technologies' EDI system — a third party service used for pipeline scheduling and nominations — at least four companies that own interstate natural gas pipelines advised customers to temporarily switch to other systems. That cyber attack did not disrupt physical pipeline operations.
Enterprise Products Partners in 2019 said it had "doubled down" on cybersecurity, boosting investment in its internet technology group to address the rising threat to pipeline systems.
The security of the country's oil, gas and hazardous liquid pipelines is overseen by the US Transportation Security Administration's (TSA), and some in government have debated whether the TSA is the right agency for the job.
By Jason Metko