[Update-05] Colonial Ransomware Incident | May 13, 2021 | INC10337231

Critical Infrastructure Involved: Cyber, Energy (Oil), Transportation Systems (Pipelines)

 

Summary: Colonial Pipeline initiated the restart of pipeline operations on May 12, at approximately 1700 ET.  Following this restart, it will take several days for the product delivery supply chain to return to normal. Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the start-up period. Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal.

Colonial’s primary focus remains safety. As part of this startup process, Colonial will conduct a comprehensive series of pipeline safety assessments in compliance with all Federal pipeline safety requirements.

 

Key Points:

• The Federal Railroad Administration (FRA) is canvassing rail operators to determine their capacity to help transport fuel from ports inland and identify additional steps FRA could take to assist them in increasing capacity to do perform these actions.
• Department of Transportation’s Maritime Administration has completed a survey of Jones Act-qualified vessels to evaluate what assets are available in the Jones Act fleet to carry petroleum products within the Gulf, and from the Gulf up the Eastern Seaboard.
• Region 4 provided an update, from the South Carolina Office of Regulatory Staff:
  • Stated there is no shortage of fuel in the state, but a delay in delivery to filling stations.
  • Two concerns are panic buying and distance of travel for fuel trucks to receive fuel and distribute that fuel to filling stations.

 

Retail Stations:

• As of May 12, more than 10,000 stations were without gasoline in the Southeast. 69% of North Carolina gas stations, 46% of Georgia gas stations, 48% of South Carolina gas stations, and 52% of Virginia gas stations were last reported as out of fuel. Please note that retail station outage data from GasBuddy is based on consumer reported, crowd-sourced, information and is should be used as directional indication. Additionally, retail fuel station outage information is based on total number of stations, not total volume of product. Small stations may experience earlier outages due to less storage capacity. Initial outages may also occur due to high demand rather than inability to resupply.

 

Transportation:

Aviation:

• Flights departing from cities within the United States are having to make fuel stopovers on the way to their final destinations due to supplies being cut. As a result, hundreds of flights were cancelled as airlines struggled to make do with less than a third of the fuel they were used to having. According to open source, international flights also had to make additional stops in other cities in order to get enough fuel to operate to their final destination.

 

Energy:

Oil:

• Virginia Truckers Association reports the closed main terminal on the pipeline that is still producing gas is located in Greensboro, NC. This is the closet location for Virginia tankers. Other areas on the pipeline closer to or within Virginia are not seeing outputs needed to supply the region. Virginia is also experiencing a trucker shortage. Nearly 52% of Virginia's gas stations are out of gas.

 

Activations and Declarations:

• The Department of Transportation (DOT) announced on May 11 the following states are allowed to use Interstate highways in their states to transport overweight loads of gasoline: Alabama, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, North Carolina, Tennessee, and Virginia. DOT reported they will also be relaxing some workforce requirements and enlisting railroads to deliver fuel inland.
• The Environmental Protection Agency (EPA) issued a second emergency fuel waiver waiving the requirements for low volatility conventional gasoline and reformulated gasoline for the following states: Washington, D.C., areas of Maryland, Pennsylvania, Virginia, Alabama, Delaware, Georgia, specific counties of Florida, Louisiana, Mississippi, North Carolina, South Carolina, and Tennessee.
• The Governor of Maryland on Wednesday authorized the Maryland Department of Transportation (MDOT) to take emergency measures to response. MDOT is allowed to issue emergency waivers of weight restrictions and hours-of-service for motor carriers in the state. Virginia's Governor has also declared a state of emergency.

 

CISA Actions:

• Providing regular updates to Federal Cyber partners, Regions, and additional stakeholders.
• Continuing to engage DOE for updated information.

 

See Railway Alert Network (RAN) Cybersecurity Awareness Message: Update 5- Colonial Pipeline- Response to Cyber Attack and Restoration of Operations statement here.

 

Steve Lyddon
Protective Security Advisor, Region 5, Illinois
Cybersecurity and Infrastructure Security Agency
Cell:  217-299-3954 | steven.lyddon@cisa.dhs.gov