WASHINGTON – A company that operates a major U.S. energy pipeline says it was forced to temporarily halt all pipeline operations following a cybersecurity attack.
In a statement, Colonial Pipeline said the attack took place Friday and also affected some of its information technology systems. The company describes itself as the largest refined products pipeline in the United States and transports roughly 45% of all fuel, including gasoline, diesel fuel and home heating oil, that is consumed on the East Coast.
The Alpharetta, Georgia-based company said it hired an outside cybersecurity firm to investigate the nature and scope of the attack and has also contacted law enforcement and federal agencies.
“Colonial Pipeline is taking steps to understand and resolve this issue,” the company said in a late Friday statement. “At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline.”
The precise nature of the incident was unclear, including who launched the attack and what the motives were.
Mike Chapple, teaching professor of IT, analytics and operations at the University of Notre Dame’s Mendoza College of Business and a former computer scientist with the National Security Agency, said systems that control pipelines should not be connected to the internet and vulnerable to cyber intrusions.
“The attacks were extremely sophisticated and they were able to defeat some pretty sophisticated security controls, or the right degree of security controls weren’t in place,” Chapple said.
Colonial Pipeline said it transports more than 100 million gallons of fuel daily, through a pipeline system spanning more than 5,500 miles between Texas and New Jersey.