Because it is privately held, Colonial is under less pressure than a publicly traded company might be to reveal details. But as the custodian of a major piece of the nation’s cyberinfrastructure, the company is bound to come under scrutiny over the quality of its protections and its transparency about how it responded to the attack.
People familiar with the investigation said that although Colonial insisted that it became aware of the attack on Friday, the events appeared to have unfolded over several days. Colonial has hired the private cybersecurity company FireEye, which has responded to the hacking of Sony Pictures Entertainment, energy facility breaches in the Middle East and many events involving the federal government.
Bringing down the pipeline operations to protect against a broader, more damaging intrusion is fairly standard practice. But in this case, it left open the question of whether the attackers themselves now had the ability to directly turn the pipelines on or off or bring about operations that could cause an accident.
The ransomware attack is the second known such incident aimed at a pipeline operator. Last year, the Cybersecurity and Infrastructure Security Agency reported a ransomware attack on a natural gas compression facility belonging to a pipeline operator. That caused a shutdown of the facility for two days, though the agency never revealed the company’s name.
Cybersecurity experts say the rise of automated attack tools and payment of ransom in cryptocurrencies, which make it harder to trace perpetrators, have exacerbated such attacks.
“We’ve seen ransomware start hitting soft targets like hospitals and municipalities, where losing access has real-world consequences and makes victims more likely to pay,” said Ulf Lindqvist, a director at SRI International who specializes in threats to industrial systems. “We are talking about the risk of injury or death, not just losing your email.”
Colonial Pipeline, based in Alpharetta, Ga., is owned by several American and foreign companies and investment firms, including Koch Industries and Royal Dutch Shell. The pipeline connects Houston and the Port of New York and New Jersey and also provides jet fuel to major airports, including those in Atlanta and the Washington, D.C., area.