US pipeline company halts operations after cyberattack

Saturday, May 8, 2021 | Alan Suderman And Eric Tucker, Associated Press


In this Sept. 8, 2008 file photo traffic on I-95 passes oil storage tanks owned by the Colonial Pipeline Company in Linden, N.J. A major pipeline that transports fuels along the East Coast says it had to stop operations because it was the victim of a cyberattack. Colonial Pipeline said in a statement late Friday that it “took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems.” (AP Photo/Mark Lennihan, File)

WASHINGTON (AP) — The operator of a pipeline that transports fuel across the East Coast said Saturday it was the victim of a ransomware attack and temporarily halted all pipeline operations.

Colonial Pipeline did not say what was demanded or by whom, but ransomware attacks typically involve criminal hackers who seize data and demand a large payment to release it.

—-

“THIS IS A BREAKING NEWS UPDATE. AP’s earlier story follows below.”

A U.S. energy company says a cyberattack forced it to temporarily halt all operations on a major pipeline that delivers roughly 45% of all fuel consumed on the East Coast.

Colonial Pipeline said the attack took place Friday and also affected some of its information technology systems. The company transports gasoline, diesel, jet fuel and home heating oil from refineries primarily located on the Gulf Coast through pipelines running from Texas to New Jersey.

The Alpharetta, Georgia-based company said it hired an outside cybersecurity firm to investigate the nature and scope of the attack and has also contacted law enforcement and federal agencies. While there have long been fears about U.S. adversaries disrupting American energy suppliers, ransomware attacks by criminal syndicates are much more common and have been soaring lately.

In a statement late Friday, Colonial Pipeline said it was “taking steps to understand and resolve this issue,” focused primarily on ”the safe and efficient restoration of our service and our efforts to return to normal operation." It said it was "working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline.”

Oil analyst Andy Lipow said the impact of the attack on fuel supplies and prices depends on how long the pipeline is down. An outage of one or two days would be minimal, he said, but an outage of five or six days could causes shortages and price hikes, particularly in an area stretching from central Alabama to the Washington, D.C., area.

Lipow said a key concern about a lengthy delay would be the supply of jet fuel needed to keep major airports operating, like those in Atlanta and Charlotte, North Carolina.

The precise nature of the attack was unclear, including who launched it and what the motives were. A Colonial Pipeline spokeswoman declined to say whether the company had received a ransom demand, as is common in attacks from cyber criminal syndicates.

A leading expert in industrial control systems, CEO Robert Lee of Dragos, Inc., said everything points to a ransomware attack.

“How long they’ll be down depends on how far and wide this is,” he said. The pipeline could be back up and running relatively quickly if only IT systems are affected and Colonial was well-prepared. But if the network that directly controls pipeline functions is impacted it could take days, he said.

“It would not be unreasonable for a longer term, a week or so, of outages if it’s impactful on the operations side. We just don’t know that yet,” Lee said.

Ransomware scrambles a victim organization’s data with encryption. The criminals leave instructions on infected computers for how to negotiate ransom payments and, once paid, provide software decryption keys.

Mike Chapple, teaching professor of IT, analytics and operations at the University of Notre Dame’s Mendoza College of Business and a former computer scientist with the National Security Agency, said systems that control pipelines should not be connected to the internet and vulnerable to cyber intrusions.

“The attacks were extremely sophisticated and they were able to defeat some pretty sophisticated security controls, or the right degree of security controls weren’t in place,” Chapple said.

Brian Bethune, a professor of applied economics at Boston College, also said the impact on consumer prices should be short-lived as long as the shutdown does not last for more than a week or two. “But it is an indication of how vulnerable our infrastructure is to these kinds of cyberattacks,” he said.

Bethune noted the shutdown is occurring at a time when energy prices have already been rising as the economy re-opens further as pandemic restrictions are lifted. According to the AAA auto club, the national average for a gallon of regular gasoline has increased by four cents since Monday to $2.94.

Colonial Pipeline said it transports more than 100 million gallons of fuel daily, through a pipeline system spanning more than 5,500 miles.

The FBI and the White House’s National Security Council did not immediately return messages seeking comment. The federal Cybersecurity Infrastructure and Security Agency referred questions about the incident to the company.

A hacker’s botched attempt to poison the water supply of a small Florida city raised alarms about how vulnerable the nation’s critical infrastructure may be to attacks by more sophisticated intruders.

Anne Neuberger, the Biden administration’s deputy national security adviser for cybersecurity and emerging technology, said in an interview with The Associated Press in April that the government was undertaking a new effort to help electric utilities, water districts and other critical industries protect against potentially damaging cyberattacks. She said the goal was to ensure that control systems serving 50,000 or more Americans have the core technology to detect and block malicious cyber activity.

Since then, the White House has announced a 100-day initiative aimed at protecting the country’s electricity system from cyberattacks by encouraging owners and operators of power plants and electric utilities to improve their capabilities for identifying cyber threats to their networks. It includes concrete milestones for them to put technologies into use so they can spot and respond to intrusions in real time. The Justice Department has also announced a new task force dedicated to countering ransomware attacks in which data is seized by hackers who demand payment from victims in order to release it.

___

Suderman reported from Richmond, Virginia. AP Economics Writer Martin Crutsinger and Technology Writer Frank Bajak contributed.

Featured Article: Cost of Equity For A Business, Investors


7 Penny Stocks That Don’t Care About Robinhood

By the time you read this Vladimir Tenev, the CEO of the trading app Robinhood, will be testifying in front of Congress. The company’s role in the GameStop (NYSE:GME) short squeeze will be called into question.

However, the real issue at stake is the right of traders to buy and sell the equities of their choice. In the case of Robinhood, some traders are buying a lot of penny stocks. While definitions vary, penny stocks are generally considered stocks that are trading for less than $10 per share. These stocks are largely ignored by the investment community.

One reason is that many of these stocks are cheap for a reason. For example, the company may have a business model that is out of date. In other cases, they operate in a very small, niche market that doesn’t drive a lot of revenue.

And most of these stocks are ignored by the investment community. They simply aren’t considered significant enough to spend time debating.

But some penny stocks do have the attention of Wall Street. And they’re being largely ignored by the day trading community. The focus of this special presentation is to direct you to penny stocks that have a story that the “smart money” thinks will eventually be trading at much higher prices.

And that’s why you should be looking at them now.

View the "7 Penny Stocks That Don’t Care About Robinhood".


MarketBeat - Stock Market News and Research Tools logo

MarketBeat empowers individual investors to make better trading decisions by providing real-time financial data and objective market analysis. Whether you’re looking for analyst ratings, corporate buybacks, dividends, earnings, economic reports, financials, insider trades, IPOs, SEC filings or stock splits, MarketBeat has the objective information you need to analyze any stock. Learn more about MarketBeat.

MarketBeat is accredited by the Better Business Bureau

© American Consumer News, LLC dba MarketBeat® 2010-2021. All rights reserved.
326 E 8th St #105, Sioux Falls, SD 57103 | U.S. Based Support Team at [email protected] | (844) 978-6257
MarketBeat does not provide personalized financial advice and does not issue recommendations or offers to buy stock or sell any security.

Our Accessibility Statement | Terms of Service | Do Not Sell My Information

© 2021 Market data provided is at least 10-minutes delayed and hosted by Barchart Solutions. Information is provided 'as-is' and solely for informational purposes, not for trading purposes or advice, and is delayed. To see all exchange delays and terms of use please see disclaimer. Fundamental company data provided by Zacks Investment Research. As a bonus to opt-ing into our email newsletters, you will also get a free subscription to the Liberty Through Wealth e-newsletter. You can opt out at any time.