The operator, Colonial Pipeline, said Saturday that the incident was ransomware.
The attack comes amid growing concerns about cybersecurity vulnerabilities in America’s critical infrastructure following recent incidents. After the Biden government made efforts last month to improve cybersecurity on the country’s power grid, it urged industry leaders to install technology that could prevent attacks on their power supply.
Colonial, which according to its website transports more than 100 million gallons of gasoline and other fuel from Houston to New York Harbor every day, learned of the cyberattack on Friday and caused them to halt operations.
“In response, we have proactively taken certain systems offline to contain the threat that has temporarily suspended all pipeline operations and affected some of our IT systems,” the company said in a statement.
Colonial said it hired a third-party cybersecurity firm to open an investigation into “the nature and scope of this incident,” and has also reached out to law enforcement and other federal agencies. A FireEye spokeswoman confirmed to CNN Saturday night that FireEye Mandiant had been hired to manage the investigation.
The US agency for cybersecurity and infrastructure security is “related to the situation with the company and our interactors,” said Eric Goldstein, deputy general manager of the cybersecurity division of CISA, in a statement on Saturday.
“This underscores the threat ransomware poses to businesses regardless of size or industry,” he said. “We encourage every organization to take steps to improve their cybersecurity and reduce their exposure to these types of threats.”
President Joe Biden was informed of the closure Saturday morning, a White House spokesman said.
“The federal government is actively working to assess the impact of this incident, avoid disruptions in supply and help the company get the pipeline back up and running as soon as possible,” said the White House spokesman.
A White House official said the analysis was still ongoing to see if supplies could become an issue after the event. The White House is planning a number of scenarios, the official said, and is working with state and local authorities to figure out what possible steps are needed to mitigate the potential impact on supplies if needed.
Cybersecurity took center stage after two alarming incidents – the SolarWinds intrusion campaign by suspected Russian hackers that compromised nine US agencies and dozen of private organizations, and the China-linked hack of Microsoft Exchange server vulnerabilities that affected tens of thousands of systems uncovered worldwide – as well as a high-profile, albeit unsuccessful, cyberattack in Florida earlier this year that attempted to compromise a water treatment plant. The ransomware attacks have worsened over the years, with recent targets being as diverse as state and local governments, hospitals and police departments. Cyber attacks are a type of malicious software that blocks a victim’s computer and makes it unusable until the victim pays the attacker, often in bitcoin.
A spokesman for the Department of Energy said the department is “coordinating with the Colonial Pipeline Company, the power industry, states and interagency partners to raise awareness and support the response to this incident.”
“DOE also works closely with the coordination councils of the energy sector and the centers for the exchange and analysis of energy information and monitors possible effects on the energy supply,” the spokesman told CNN.
Colonial said Friday that it is “taking steps to understand and resolve this issue”.
“Right now, our primary focus is on the safe and efficient restoration of our service and our efforts to return to normal operations. This process is already underway and we are working diligently to address this issue and minimize disruption to our customers and them.” who rely on Colonial Pipeline, “said the company.
Colonial was founded in 1962 and claims to transport around 45% of all fuel consumed on the east coast. The pipeline system, which extends for more than 5,500 miles, has two main lines: one for gasoline and one for diesel and jet fuel.
The company also had to shut down its pipeline in 2017 when Hurricane Harvey hit the Gulf Coast. The pipeline was shut down for 11 days in September 2016 due to an underground leak and in November 2016 due to a fatal fire along a section of the pipeline in Alabama.
This story was updated on Saturday with further developments.
CNN’s Jamie Crawford, Brian Fung, Geneva Sands, Donald Judd and Arlette Saenz contributed to this report.