On Saturday, the company responsible for the pipeline (Colonial Pipeline) that carries nearly half the fuel consumed on the East Coast of the United States released a statement saying it had been the victim of a cyberattack and had to temporarily shut down.
"On May 7, the Colonial Pipeline Company learned it was the victim of a cybersecurity attack. We have since determined that this incident involves ransomware. In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems," the statement read.
The Colonial Pipeline Company also added that it sought out the services of a leading, third-party cybersecurity firm and contacted law enforcement and other federal agencies.
"At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway, and we are working diligently to address this matter and to minimize disruption to our customers and those who rely on Colonial Pipeline," continued the statement.
The event made headlines around the world and exposed just how fragile cybersecurity in large companies can be with some calling the attack the largest of its kind.
"This is the largest impact on the energy system in the United States we've seen from a cyberattack, full stop," Rob Lee, CEO of the infrastructure-focused security firm Dragos told Wired. "You have a real ability to impact the electric system in a broad way by cutting the supply of natural gas. This is a big deal."
All in all, the Colonial Pipeline Company has essentially cut deliveries of 2.5 million barrels per day of gasoline, diesel, and jet fuel through 5,500 miles (8,850 km) of pipelines.
Luckily, the attack should not impact gas prices. Patrick DeHaan, Petroleum analyst, Gasbuddy, told Reuters that: "I would not expect this to last long enough to make fuel pricing or supply an issue. Gas prices are not impacted yet, and should not be if Colonial's operations return soon."
Still, the attack shows just how vulnerable even large multinationals can be to cyberattacks and the importance of having foolproof cybersecurity networks in place. The question that is on everyone's mind now is: could this have been avoided?
The Colonial Pipeline Company has now reached out to a cybersecurity firm but is it a little too late? Were there processes that could have been put into place so that the attack was thwarted? It's hard to tell as this type of attack is unique in the sense that it has no similar precedent. It will be interesting to see if any such similar attacks occur in the future.