Ransomware attack prompts shutdown of major U.S. gas pipeline with Alpharetta HQ

A major U.S. fuel distributor headquartered in metro Atlanta shut down its pipeline system over the weekend after being targeted in a cybersecurity attack.

Alpharetta-based Colonial Pipeline said it proactively took certain systems offline to contain the threat after some of its information technology systems were compromised in the security breach. Experts say that could potentially lead to fuel shortages and increased prices at the pump, but only if the pipeline remains shut down for several days.

On Saturday afternoon, Colonial confirmed the incident involved ransomware. Such an attack essentially holds a target computer system hostage by encrypting its files and demanding payment to release the data.

Colonial describes itself as the largest refined products pipeline in the United States, and the company is responsible for transporting more than 100 million gallons of fuel daily through a system spanning more than 5,500 miles between Texas and New Jersey. That represents about 45% of the fuel consumed on the East Coast.

In a statement released late Friday, Colonial said it had brought in a third-party security firm to investigate the scope of the cyberattack and that it was working with law enforcement and federal agencies.

Officials have not released a motive for the ransomware attack. The Washington Post reported the attack appears to have been carried out by an Eastern European-based criminal gang called DarkSide.

In a response to emailed questions from The Atlanta Journal-Constitution on Saturday, a spokesperson for the fuel distributor said no additional details were available.

Mike Chapple, a professor of IT, analytics and operations at the University of Notre Dame and a former computer scientist with the National Security Agency, told The Associated Press that systems that control pipelines should not be connected to the internet and vulnerable to cyber intrusions.

“The attacks were extremely sophisticated and they were able to defeat some pretty sophisticated security controls, or the right degree of security controls weren’t in place,” Chapple said.

Patrick De Haan, head of petroleum analysis for GasBuddy.com, said he doesn’t think the shutdown will last long enough to affect gas prices or the nation’s fuel supply.

“It seems from reading about this that the shutdown was preventative as they found ransomware elsewhere in their IT chain,” he told the AJC. “That gives me hope that they may be able to restore things fairly quickly.”

As of Saturday afternoon, gas prices had not surged as a result of the ransomware attack, he said. According to De Haan, a shutdown lasting one or two days likely won’t impact fuel prices, especially since oil refineries along the Gulf Coast are still churning out gasoline.

“The key question is how long is it going to be down?” he said. “The bulk of this should not be a pricing event, but the potential exists that there could be some localized challenges with fuel delivery should this lag on for more than several days.”

Oil analyst Andy Lipow told the AP that an outage of five or six days could lead to fuel shortages, particularly in the area between central Alabama and Washington, D.C. A lengthy delay could also impact the supply of jet fuel needed to keep major airports operating, he said, including those in Atlanta and Charlotte, North Carolina.

A spokesman for Hartsfield-Jackson International Airport said officials are monitoring the pipeline shutdown, but are “confident” the issue will be resolved.

“There is no impact to operations at Hartsfield-Jackson due to the pipeline incident,” airport spokesman Andy Gobeil said Saturday in an emailed statement. “ATL leaders and airline partners are in close communications with fuel suppliers and are confident the incident will be reconciled prior to any operational impact.”

Delta Air Lines said the pipeline shutdown has not impacted its oil refinery located outside Philadelphia.

In August 2017, the Colonial pipeline was temporarily shut down as Hurricane Harvey battered the Gulf Coast. And in September 2016, gas prices spiked across the Southeast when the pipeline was shuttered for more than a week after a major fuel leak.

In the statement posted to its website late Friday, Colonial said the company is “taking steps to understand and resolve this issue.”

“At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation,” the statement said. “This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline.”

Later reports on Saturday indicated President Joe Biden was briefed on the incident and the White House said the federal government was working with Colonial to assess the implications of the cyberattack, restore operations and avoid disruptions to the supply.

Meanwhile, experts say there’s no need to run out and fill up.

“Panic buying will make the situation far worse,” De Haan said. “If anything, it will further strain the system. Buy what you need. There’s no reason to rush out. Refineries are still producing gasoline, and this is just a temporary hiccup.”

Why it matters

The attack on the Alpharetta-based pipeline operator, which delivers roughly 45% of all fuel consumed on the East Coast, could impact fuel supplies and prices. The effect of an outage of one or two days would be minimal, an oil analyst said, but an outage of five or six days could cause shortages and price hikes. A key concern about a lengthy delay would be the supply of jet fuel needed to keep major airports operating, such as those in Atlanta and Charlotte, North Carolina.