Discover more from Zero Day
US Gov Issues Emergency Order While Colonial Pipeline Is Down
The move lets fuel that's backed up in Texas and elsewhere be more quickly transported by trucks while pipeline remains offline. Colonial has not said when its pipelines will be back online.
The U.S. Transportation Department issued an emergency order in response to the Colonial Pipeline ransomware incident on Sunday; the move allows backed-up inventories of oil and fuel that are sitting in tanks and refineries in Texas and other parts of the country to be transported to New York more quickly via trucks while the pipeline is offline by easing restrictions on drivers.
The emergency move, initially reported by the BBC, eases restrictions on the hours that truck drivers can work. The BBC had initially reported that the government issued a waiver to the Jones Act, which requires that goods shipped between U.S. ports be carried on U.S.-built and -owned ships — that is, vessels that are built, owned and operated by U.S. citizens or permanent residents. Although this would allow greater flexibility in the number of ships to be employed for the transportation of the oil, there is no sign yet that the government is taking steps to do this. [See below for info about correction.]
Separately, Bloomberg provided new information about the ransomware incident: the attackers stole nearly 100GB of data from Colonial Pipeline before locking some of its computers and servers and demanding a ransom. The attackers have threatened to publish the data online if Colonial doesn’t pay the ransom.
Colonial published an update to its web site on Sunday saying that it has put small parts of the pipeline back in service, but the mainlines are still offline.
“While our mainlines (Lines 1, 2, 3 and 4) remain offline, some smaller lateral lines between terminals and delivery points are now operational,” the statement reads. “We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations.”
Colonial was hit by the ransomware on Thursday evening and took its pipelines offline on Friday. In its statement on Sunday, the company said, “Over the past 48 hours, Colonial Pipeline personnel have taken additional precautionary measures to help further monitor and protect the safety and security of its pipeline.”
A source who works for a large midstream oil company that feeds fuel into Colonial’s pipeline told Zero Day that the control systems for his company’s tank farms connect directly to control systems at Colonial Pipeline and that as soon as they learned about the ransomware incident on Saturday, they disconnected those systems to prevent the ransomware from traveling to their systems from Colonial’s networks.
He told Zero Day that his company has had to scramble to figure out what to do with the oil and fuel they have sitting in tanks and that they have received no word from Colonial about when the pipeline will be back online.
“We had a big batch scheduled today [to go to Colonial],” he told Zero Day. Instead they have to figure out other storage options for the fuel or reduce capacity in the refineries feeding the tanks. They also have to keep the material in the tanks moving with mixers or it will “stratify and affect product quality,” he said.
His company was told that Colonial’s main pipelines would “not be fixed in 1-2 days, but won’t take six weeks.” He’s not sure why Colonial would provide such a wide-ranging time period but said it’s “very concerning for our interests.”
“We gotta find storage for refineries [and we] might run out [of storage] it takes too long. Then refineries [will have to] cut back. Problem escalates,” he said.
Colonial Pipeline has said that only its corporate IT network was infected with the ransomware but that it decided to close down the operational network — and the pipelines that this network controls — out of an abundance of caution.
The source who works for the midstream oil company told Zero Day that one reason Colonial might still be keeping the pipelines offline — in addition to needing to add security measures to it — is because “something they need for [restarting] the pipeline is ransomed.”
He thinks this could be the automated ticketing system for billing customers, which is on the corporate IT network that was hit with the ransomware. If that system is locked, Colonial can’t invoice customers automatically, he said.
Colonial’s operational network controls the flow of oil product from the pipeline to distributors, then passes information to the ticketing system — located on the IT network — about how much each distributor received so the ticketing system can invoice them. If that system is locked and the pipeline is still flowing, Colonial would have to manually collect information about how much fuel is flowing to each customer, then manually process invoices. If Colonial didn’t already have a plan for doing this manually, it may keep the pipelines down until it can determine an efficient way to invoice customers this way or until it can restore the automated ticketing system.
In the meantime, gas and jet fuel supplies could start to be affected by the shutdown. Oil market analyst Gaurav Sharma told the BBC that shipping fuel via tankers won’t be sufficient to handle all of the back-up fuel sitting in tank farms and refineries.
"Unless they sort it out by Tuesday, they're in big trouble," he said. "The first areas to be impacted would be Atlanta and Tennessee, then the domino effect goes up to New York."
Colonial is the largest supplier of fuel between Texas and New York. Its pipelines supply nearly half of the gas, diesel and jet fuel that is consumed on the Eastern seaboard, according to the company. Supplies have not yet dwindled in storage there, but if the shutdown continues well into next week, experts say supplies could start to dip during a time when cities are re-opening from the pandemic and people are gearing up for spring and summer travel by vehicle and planes.
Fuel problems could be exacerbated by a shortage of fuel truck drivers. Some 25 percent of fuel trucks in the U.S. are sitting unused due to a shortage of drivers, the National Tank Truck Carriers association reported last month. The shortage is due to layoffs and retirements and the fact that fuel truck drivers need special safety training that takes time, preventing the workforce from being replenished quickly. This could mean a greater reliance on maritime vessels to transport the fuel, which will require logistical changes and result in a disruption of shipping operations.
[Update: story has been updated to correct error from BBC, which reported initially that Biden had announced a state of emergency in response to the ransomware infection and then reported it had waived the Jones Act.]
If you found this article useful, please consider sharing it.
If you’d like to receive other articles like this, you can subscribe to Zero Day here: