Cyberattack prompts major pipeline operator to halt operations

A cyberattack has prompted a company that operates a major energy pipeline in the U.S. to shut down operations.

The Colonial Pipeline Company said in a statement it learned on Friday that it was the victim of a cybersecurity attack, and so "proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems." 

In an updated statement on Saturday afternoon it said it had "determined that this incident involves ransomware."

In most ransomware attacks, criminal hackers seize data and demand a large payment to release it, although it's unclear what was taken or whether any demands were made.

The breach appears to be an attack on the nation's critical energy infrastructure.   

The company describes its pipeline as "the largest refined products pipeline in the United States," and says it transports more than 100 million gallons of fuel through a pipeline system spanning 5,500 miles between Texas and New Jersey.

The company said the private cybersecurity firm FireEye Mandiant was brought on to investigate the incident.

"Upon learning of the issue, a leading, third-party cybersecurity firm was engaged, and they have already launched an investigation into the nature and scope of this incident, which is ongoing," the company said in its statement. "We have contacted law enforcement and other federal agencies."

It said it is taking steps to understand and resolve the issue and its primary focus is the safe and efficient restoration of service "and our efforts to return to normal operation."

President Joe Biden was briefed on the incident Saturday morning, a White House spokesperson said. "The federal government is working actively to assess the implications of this incident, avoid disruption to supply, and help the company restore pipeline operations as quickly as possible," the spokesperson said.

In this September 20, 2016, photo, vehicles are seen near Colonial Pipeline in Helena, Alabama. The major pipeline that transports fuels along the East Coast says it had to stop operations because it was the victim of a cyber intrusion. AP Photo/Brynn Anderson

It's unclear who is behind the attack, and details of the incident remain unclear.

The FBI leads investigations on cyberattack incidents, but infrastructure such as the pipeline is the responsibility of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency. The FBI on Saturday confirmed it is "working closely with the company and government partners," but said it had "nothing additional to add at this time."

Eric Goldstein, CISA's executive assistant director of the Cybersecurity Division, said in a statement that they were "engaged with the company and our interagency partners regarding the situation."

"This underscores the threat that ransomware poses to organizations regardless of size or sector. We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats," Goldstein said.

Cybersecurity expert Lisa Donnan, operating partner at Option3 Ventures, said in a statement to CBS News that this attack demonstrated the intersection between IT and operational technology (OT).

"The attack looks to be an IT attack, but it shut down the pipeline which is an OT system. OT systems are much more massive than IT systems that are a ripe environment for adversaries wanting to disrupt our country's critical infrastructure systems," Donnan said. "Folks need to understand cybersecurity is a business issue not an IT issue. Net result of this attack could be delayed shipment of gas which is a business issue. Cyber resiliency programs have to be implemented."

DHS Secretary Alejandro Mayorkas called ransomware "an existential threat to one's business" this week, saying that more than $350 million in victim funds were paid in 2020 as the rate of ransomware attacks increased by 300% within the United States.

Meanwhile, the House Homeland Security Committee dedicated an entire hearing to ransomware last week. Representative Yvette Clarke announced that she will soon introduce the "State and Local Cybersecurity Improvement Act," which would authorize $500 million in cyber grants to state, local, territorial and tribal governments to strengthen cybersecurity and prevent ransomware attacks.

The attack on Colonial Pipeline also comes after the Biden administration issued a wide range of sanctions against Russia last month in retaliation for recent incursions including the SolarWinds cyber espionage campaign. The SolarWinds intrusion initially gave cyber criminals access to 18,000 government and private computer networks, though a much smaller number were the actual targets of espionage, according to CISA.

Cybersecurity experts have recently called on the Biden administration and Congress to shore up the nation's digital infrastructure.

"It's clear that we're in the midst of a new normal of cyber enabled malicious activity. The status quo costs American businesses and government agencies hundreds of billions of dollars a year in lost productivity, fraud, and disrupted operations," former CISA director Christopher Krebs and former senior cybersecurity adviser at CISA Matthew Masterson said in an April op-ed in The Hill. "Congress needs to pass a comprehensive digital infrastructure investment bill that authorizes and funds grants to state and local agencies to modernize their technology platforms and obtain the support they need to manage those systems, and safeguard against cyber attacks like ransomware."

Nicole Sganga, Gabrielle Ake and Jane Chick contributed to this report.
