Colonial restoring branch lines after cyber attack

Colonial Pipeline began restarting branch lines along its 5,500-mile (8,851km) fuel transport system today, but said it cannot yet restore flows along its main lines from the Gulf coast to New York Harbor following a cyber attack.

Colonial said it restarted some of the 65 smaller lateral lines shut since last week between terminals and delivery points, and is in the process of restarting other branch lines. But the wide-diameter pipelines that stretch from Houston to Linden, New Jersey, feeding much of the east coast's demand for gasoline, diesel and jet fuel, remain offline.

The company is developing a plan to fully restart the system, but that will happen "only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations."

Colonial notified shippers midday on 7 May that the pipeline system was having network issues but later revealed it to be a cybersecurity breach involving ransomware. To contain the threat, Colonial said it shut down some systems, which halted all pipeline operations.

Colonial said a third-party cybersecurity team is investigating the nature and scope of the attack, and it is cooperating with law enforcement.

New York market already tight

Even before the Colonial pipeline cyber attack, gasoline supplies were tight in New York Harbor, partly because shipments from the US Gulf coast were slow. While the arbitrage between the regions was open on paper, most shipments on the pipeline were being diverted to locations south of the pipeline's terminus.

New York Harbor RBOB gasoline prices rose last week to a two-year high of $2.15/USG amid an unplanned gasoline unit outage at Phillips 66's 250,000 b/d Bayway refinery in Linden. The unit may be returning to service this week, according to a source.

Any shortages in the US Atlantic coast may be helped by transatlantic gasoline loadings from Europe that at the end of April hit the highest levels since summer 2019. These cargoes are scheduled to arrive in New York Harbor in first-half May.

The diesel arbitrage into New York Harbor was closed last week on paper but jet was narrowly open.

The disruption is not expected to have a large impact on products flows to the midcontinent, because one of the two main pipelines from the Gulf Coast into the region is booked to capacity through the end of May.

Product trapped on the Gulf coast will need to be stored in the region or exported.

All hands on deck

President Joe Biden was briefed on the attack yesterday, US commerce secretary Gina Raimondo said today. The administration is working with the company and state and local officials to avoid supply disruptions and to ensure pipeline operations are restored as quickly as possible, she said.

The Department of Transportation declared an emergency today waiving some fuel transport rules, including the number of hours fuel delivery drivers can work, to help ease possible fuel shortages.

"It's an all-hands-on-deck effort right now," Raimondo said. "Unfortunately, these sorts of attacks are becoming more frequent. They're here to stay and we have to work in partnership with businesses to secure networks, to defend ourselves against these attacks."

Warnings about the pipeline industry's exposure to cyber attacks have been ringing for years. A February 2017 study sponsored by engineering group Siemens found that the deployment of cybersecurity measures in the US oil and gas industry was not keeping pace with the growth of digitization in operations.

After a 2018 attack on Latitude Technologies' EDI system — a third party service used for pipeline scheduling and nominations — at least four companies that own interstate natural gas pipelines advised customers to temporarily switch to other systems. That cyber attack did not disrupt physical pipeline operations.

Enterprise Products Partners in 2019 said it had "doubled down" on cybersecurity, boosting investment in its internet technology group to address the rising threat to pipeline systems.

Calls for more oversight, spending

The security of the country's oil, gas and hazardous liquid pipelines is overseen by the US Transportation Security Administration's (TSA), and some in government have debated whether the TSA is the right agency for the job.

US senator Edward Markey (D-Massachusetts) revived those questions today, saying the TSA for years has not had enough staff working on pipeline safety.

"While we need more information about the circumstances that allowed the Colonial Pipeline cyber attack, we cannot ignore the longstanding inadequacies that allowed for, and enabled, cyber intrusions into our critical infrastructure," Markey said.

US senator Ben Sasse (R-Nebraska) said "hardening of these critical sectors" must be a priority in any infrastructure bill passed by Congress.

"This is a play that will be run again, and we're not adequately prepared," he said today.

By Jack Kaskey