Colonial Pipe, headquartered in Alpharetta, Georgia, reported a cybersecurity attack involving ransomware on Friday. The company owns a 5,500-mile system of petroleum pipeline that is the largest in the United States, starting in Houston, Texas, and ending in Linden, New Jersey, at New York Harbor.

Colonial’s subsequent press releases are continually updated, most recently 12:25pm today, Monday, May 10.

On May 7, Colonial Pipeline Company learned it was the victim of a cybersecurity attack and has since determined that the incident involved ransomware… Leading, third-party cybersecurity experts were… immediately engaged.” CBS says that forensic investigation firm is FireEye Mandiant; shares of that company have risen since.

Multiple news outlets accept the FBI’s claim that “Darkside ransomware” is responsible for what it calls a “compromise of the Colonial Pipeline networks.” That appears to be among very few datapoints thus far released by the FBI at what is presumably an early stage of their investigation. Earlier today, the bureau’s Twitter made a statement via 3rd party Twitter poster Hootsuite Inc. that it was notified of the incident Friday and is working with “government partners.

Such partners would typically include the FBI and Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) when the attack is on what is considered critical infrastructure.  MSN is reporting that Trump appointed CISA Director Brandon Wales told senators at a Senate hearing Tuesday, “We are waiting for additional technical information… we do expect information to come… and when we have it, we will use it…”  CISA Colonial’s public statement informs us that the Department of Energy is “leading and coordinating the Federal Government’s response.

Segments of our pipeline are being brought back online in a stepwise fashion,” the press release continues, “we proactively took certain systems offline to contain the threat, which temporarily halted all pipeline operations and affected some of our IT systems. To restore service, we must work to ensure that each of these systems can be brought back online safely… [It is an] incremental process that will facilitate a return to service in a phased approach,” in a plan based on a goal of “substantially restoring operational service by the end of the week.

Colonial thanked government partners for actions it says “should help alleviate local supply disruptions,” referring to a Department of Transportation exemption. DOT’s tweet said, “to avoid disruption to supply… the USDOT’s Federal Motor Carrier Safety Administration is taking steps to create more flexibility for motor carriers and drivers. FMCSA is issuing temporary hours of service exemption that applies to those transporting gasoline, diesel, jet fuel, and other refined petroleum products.” The exemption will apply to 17 states.

Based on anonymous sources, Reuters reports that the outage has led to a shutdown of two crude distillation units at Motiva Enterprises refinery in Port Arthur, Texas.

Founded in 1962, Colonial delivers refined products, including gasoline, diesel, and home heating oil. It boasts 100 million gallons transported daily to over 50 million Americans, 7 Airports Served Directly, 45% of all fuel consumed on the East Coast, and that it provides fuel for the U.S. Military.

Public-facing pages on Colonial’s website, including an FAQ and one on Emergency Preparedness, provide information about an “extensive program to monitor, maintain, and promote operational excellence” with “aerial and foot patrols of the right-of-way, 24/7 control centers” and an “integrity management program” that allows internal remote inspection of the pipeline. Also mentioned are contractual relationships with Oil Spill Removal Organizations (OSRO), who staff United States Coast Guard (USCG) certified emergency personnel and partnerships with “key public sector agencies and first responders” through an Emergency Responder Liaison Program.
*This article has been updated to include a statement by CISA Director Brandon Wales at a Senate Hearing on 5/11/2021.