Major US pipeline hit by cyber security attack

10 May 2021

The US government has loosened regulations to carry oil supplies by road after a major oil pipeline was hit by a cyber attack.

The US Department of Transportation issued the regional declaration on Sunday 9 May to relax hours-of-service regulations for drivers as part of efforts “to avoid disruption to supply” of oil to the East Coast.

“Temporary hours of service exemption apply to those transporting gasoline, diesel, jet fuel and other refined petroleum products to Alabama, Arkansas, District of Columbia, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas and Virginia,” the department said. 

The move comes after the 5,500 mile-long Colonial Pipeline that runs from Texas to New York was hit by a cyber security attack involving ransomware on Friday 7 May. 

The pipeline carries 45% of the East Coast’s fuel supplies and travels through 14 southern and eastern US states.

Colonial said it had “proactively took certain systems offline to contain the threat” after learning of the attack. 

“These actions temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring,” it said.

The firm said it had also engaged with third-party cyber security experts to launch an investigation into the “nature and scope of this incident”.

In December 2020, a wide-scale supply chain attack was identified through software firm SolarWinds that impacted public and private organisations around the world, including a number of US government departments. The campaign is thought to have begun as early as spring 2020 before being identified.

FireEye, the cybersecurity firm that identified the attack, said hackers had “gained access to victims via trojanised updates to SolarWind’s Orion IT monitoring and management software”. 

Meanwhile last week US commerce secretary Gina Raimondo told the House Appropriations subcommittee on commerce, justice, science and related agencies, that her department suffered "significant" damage as a result of the SolarWinds attack, adding “as a result we are taking [cyber security] very, very seriously”. 

Raimondo also set out further details on a proposed office within the Commerce Department to help secure critical supply chains.

“The office is intended to help us deal with the challenges that we're seeing in our supply chains. I think we all realised during Covid how vulnerable some of our supply chains are. Too many things are being built offshore,” she said. 

Raimondo said the primary functions of the office would be “monitoring across vertical supply chains to find where there are vulnerabilities”, and investing in small and medium-sized manufacturers “to address vulnerabilities”. 

 Want to stay up to date with the news? Sign up to our daily bulletin.

Location: Home-Based with travel
We are offering a salary up to £60,000 for this role, depending on experience.
Zurich Insurance Ltd
Canary Wharf, London (Greater)
£33,119 - £37,209 pa
CIPS Knowledge
Find out more with CIPS Knowledge:
  • best practice insights
  • guidance
  • tools and templates