Energy Transfer Partners LP (ETP) said a third-party software system it uses was the victim of a cyberattack on Monday, but the incident did not affect its day-to-day operations. Other pipeline companies using the same software said they were not affected by the outage and have backup systems in place.
Shortly after 12:30 p.m. ET on Monday, ETP issued a critical notice on its electronic bulletin board for Rover Pipeline. The notice said its EDI system, a platform developed by Norwell, MA-based Energy Services Group LLC (ESG), had experienced an outage.
Because of a cyberattack on ETP's third-party EDI provider, Latitude Technologies Inc., “EDI will be unavailable until further notice," the company told its trading partners. ESG acquired Latitude Technologies Inc. in November 2016.
"ETP is evaluating Latitude's status and will be testing to assure safe file transactions,” the notice said. “When the system is available and safe, a new notice will be posted."
The second notice was posted about five hours later on Monday. "ETP has evaluated our EDI provider's status and is comfortable that EDI file transactions can safely be exchanged," it said. EDI files were able to be exchanged after 5:00 pm CT.
ETP spokeswoman Alexis Daniel told NGI on Tuesday that "there was an attack on a third-party service provider. This situation has not impacted our operations as we are handling all scheduling in house during this time."
Other pipelines also use EDI. Spokeswoman Phyllis Hammond of Tallgrass Energy Partners LP said EDI "primarily allows shippers and operators to electronically communicate daily transactions.
"Tallgrass Energy does not use the same EDI provider that experienced the attack reported yesterday, and our system was not impacted by the incident," Hammond said Tuesday. "It's important to note that we have systems in place to effectively work with those parties whose systems were impacted to ensure our operations continued to run normally."
Kinder Morgan Inc. (KMI) spokeswoman Sara Hughes confirmed that KMI also uses EDI, but that its system "was not affected” by the cyberattack. She said since the company had not been affected, "there is no need for us to change our system or process at this time."
Last month, the Trump administration accused Russian government operatives of targeting the U.S. energy sector, government agencies and other critical infrastructure sectors with a series of cyberattacks for at least the last two years. The accusation followed an investigation by the Department of Homeland Security and the Federal Bureau of Investigation.
In early March, the House Committee on Science, Space and Technology issued a report that found Russian agents were using social media to try and disrupt energy markets in the United States.