The Colonial Pipeline Company ships gasoline and jet fuel from the Gulf Coast to about 50 million consumers in the populous East Coast, including Washington DC, Baltimore, and New York, through 5,500 miles (8,850 kilometers) of a pipeline.
The top pipeline operator said Saturday that the incident involved ransomware.
The attack comes amid rising concerns over cybersecurity holes in America’s energy infrastructure following recent incidents, and after the federal government launched an effort last month to boost cybersecurity in the nation’s power grid.
“This attack is unusual for the US. But the bottom line is that attacks targeting operational technology – the industrial control systems on the production line or plant floor – are becoming more frequent,” said Algirde Pipikaite, a cybersecurity expert with the World Economic Forum’s center for cybersecurity.
“Cybersecurity vulnerabilities have become a systemic issue. It needs strategic oversight to ensure that operations have preventative controls and an appropriate responses plan if and when attackers breach a system,” he was quoted by Reuters on Saturday.
Mike Chapple, cybersecurity and analytics expert who teaches at the University of Notre Dame, said on Twitter that the latest cyberattack reveals vulnerabilities in the core elements of America’s energy industry and called on Congress and the White House to show leadership in this regard.
“This pipeline shutdown sends the message that core elements of our national infrastructure continue to be vulnerable to cyberattack. Securing our energy infrastructure is a national security issue that involves several different federal agencies and requires centralized leadership,” he wrote.