One of the largest fuel pipelines in the U.S. has been shut down for days following a cybersecurity attack on Friday, May 7. The breach could affect fuel markets if the shutdown continues and is a reminder of what cybercriminals can do to a business.
In an attempt to stave off potential fuel price spikes, the U.S. Department of Transportation took steps Sunday, May 9, to create more flexible regulations for motor carriers and drivers. The Federal Motor Carrier Safety Administration issued temporary hours of service exemptions for fleets and drivers transporting gasoline, diesel, jet fuel and other petroleum products to 17 states and the District of Columbia.
Colonial Pipeline Company, which supplies 45% of the East Coast’s fuel, said its corporate computer system was hit with ransomware. After learning of the attack on May 7, the company took some of its systems offline in an attempt to contain the threat, which it said temporarily halted all pipeline operations and affected some of its IT systems.
Along with contacting local law enforcement and federal agencies, Colonial said it hired a third-party cybersecurity firm to investigate the attack. Cybersecurity officials traced the attack to DarkSide, according to Reuters, a group made up of veteran cybercriminals focused on getting as much money as they can out of victims.
Cybercrimes have been on the rise since the COVID-19 pandemic changed the office work landscape in the U.S. Just last spring, the FBI reported a 300% increase in cybercrimes between March and May 2020. The transportation industry has seen similar surges in attacks this year, according to Ben Barnes, McLeod Software’s vice president of IT services and chief information security officer.
“We didn’t see a lot of attacks in January, February — but in March and April, the ransomware attacks have escalated in our industry and we don’t know why exactly,” Barnes, whose company provides transportation and trucking software solutions, told FleetOwner recently. “But if we can map these patterns and know the same thing happened last year in March and April when we saw attacks go up, we’re starting to see a pattern.”
What is ransomware?
Ransomware is malware that a hacker uses to threaten an entity or individual. The hacker could threaten to publish the victim’s data, which could include industry secrets or financial information. Often hackers will lock an IT system and demand payment to unlock it.
When cybercriminals gain access to an IT system and install ransomware, Barnes said companies face some difficult decisions. A ransomware attack, he said, can easily shut down a business for three days, which is what has happened (so far) to Colonial Pipeline. “You can’t dispatch loads, you can’t pay drivers or conduct financial transactions of any sort, and you may not be able to use email,” Barnes said of what a ransomware attack could mean to a fleet. “Being shut down for three days is an average. Companies that don’t have an incident response plan in place may be looking at one or two weeks of inactivity. The impact on the business can be severe and lasting.”
On May 9, Colonial said its highest priority is maintaining the operational security of its pipeline and bringing its system back online. “Over the past 48 hours, Colonial Pipeline personnel have taken additional precautionary measures to help further monitor and protect the safety and security of its pipeline,” according to a company statement.
Colonial said its four main lines are still offline but some “smaller lateral lines between terminals and delivery points are now operational. We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations.”
HOS exemptions
The FMCSA’s hours of service exemption for fuel haulers is in effect until June 8 unless this pipeline emergency ends sooner. It applies to drivers and fleets transporting refined petroleum products to Alabama, Arkansas, District of Columbia, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas and Virginia.
“USDOT’s top priority is safety, and while current circumstances dictate providing industry flexibility, FMCSA will work closely with its state and industry partners to monitor driver work hours and conditions for the duration of the exemption,” the agency stated.
The Regional Emergency Declaration and exemptions from Parts 390 through 399 of the Federal Motor Carrier Safety Regulations (FMCSRs) come in response to the unanticipated shutdown of the Colonial Pipeline that affects the supply of gasoline and other petroleum products through the affected states.
“This declaration addresses the emergency conditions creating a need for immediate transportation of gasoline, diesel, jet fuel, and other refined petroleum products and provides necessary relief,” FMCSA said.
“By execution of this Emergency Declaration, motor carriers and drivers providing direct assistance to the emergency in the affected states in direct support of relief efforts related to the shortages of gasoline, diesel, jet fuel, and other refined petroleum products due to the shutdown, partial shutdown, and/or manual operation of the Colonial pipeline system are granted relief from Parts 390 through 399 of Title 49 Code of federal regulations except as restricted herein.”
The full emergency declaration is available here.
The National Tank Truck Carriers (NTTC) said last week—before Friday’s ransomware attack on the Colonial Pipeline — it opposes the HOS exemption for fuel haulers sought by the National Association of Truckstop Operators and three other trade organizations.
“One of the core pillars of our association is a focus on safety, and yes we are combating a driver shortage issue, but in no way, shape or form are we going to sacrifice safety for our professional drivers or the motoring public, for that matter, to get a commodity from Point A to Point B faster,” interim NTTC president Ryan Streblow said.
