There was no clear end in sight on Monday to the outage stemming from a cyberattack that forced the largest refined products pipeline in the United States offline late last week.

Colonial Pipeline Co., a major supplier of gasoline, diesel and jet fuel to the eastern United States, said in a statement over the weekend that on Friday it halted operations across a pipeline system that spans more than 5,500 miles after learning it was the victim of a ransomware attack. Hackers infiltrated some of its information-technology (IT) systems.

In a statement Monday afternoon, the company said it was still working to address the scope of the security threat and restart a pipeline system that transports nearly half of the East Coast’s fuel supply from the Gulf Coast. Colonial has not said if it paid a ransom.

Georgia-based Colonial, which transports more than 100 million gallons of fuel daily, said it was working with law enforcement authorities, the federal government and a third-party cybersecurity firm to investigate the attack. It said the probes were ongoing, and it was not known when the company’s pipeline system would resume full operations.

“Restoring our network to normal operations is a process that requires the diligent remediation of our systems, and this takes time. In response to the cybersecurity attack on our system, we proactively took certain systems offline to contain the threat, which temporarily halted all pipeline operations, and affected some of our IT systems. To restore service, we must work to ensure that each of these systems can be brought back online safely,” Colonial said in its Monday statement.

“While this situation remains fluid and continues to evolve, the Colonial operations team is executing a plan that involves an incremental process that will facilitate a return to service in a phased approach,” the company added. “This plan is based on a number of factors with safety and compliance driving our operational decisions, and the goal of substantially restoring operational service by the end of the week.”

In the meantime, analysts said the shutdown raises concerns about shortages of gasoline, diesel and jet fuel throughout the East Coast, including the Greater New York City market. This developed just ahead of the summer travel season and as major metropolitan economies are fully reopening after long pandemic-induced lockdowns.

“Extended downtime at Colonial would severely impact refined product supply to the high-density East Coast,” a region with less than one million b/d of refining capacity but 5.3 million b/d of current demand, said analysts at Tudor, Pickering, Holt & Co. 

A prolonged shutdown could curb economic activity and put substantial upward pressure on fuel prices, analysts at ClearView Energy Partners LLC said.

“The Colonial outage comes at a critical juncture for the recovering U.S. economy,” the ClearView team said. Should the pipeline system problems persist for several more days, prices could spike. “As in past crises, the path from outage to outrage may only be a matter of time.”

Gasoline futures were up modestly Monday.

The White House said the federal government was working on alternative plans to minimize supply disruptions. As of Monday, the one notable change came from the U.S. Transportation Department. It suspended limits on working hours for fuel truck drivers in affected states, a move intended to boost delivery by highway.

“The pipeline closure could also mean that U.S. crude exports, which surged to 4.1 million b/d last week, are kept onshore and fed into domestic refineries to replenish inventories,” Rystad Energy analyst Louise Dickson said. “Storage in the Northeast and Southeast regions of the U.S. are poised to be heavily tapped in the coming days as the pipeline remains offline.”

As for the cyberattack itself, analysts said Colonial and authorities would try to identify the precise entry point of the security breach and the extent of the company’s exposure, but investigations could prove complex and time-consuming.

“A common gap in the pipeline industry is the lack of segmentation of the pipeline supervisory control and data acquisition (SCADA) networks, which are the networks that connect the pipeline control center to every terminal, pumping station, remote isolation valve and tank farm along the pipeline,” said John Cusimano, vice president at aeCyberSolutions.

“These are very large networks covering extensive distances, but they are typically flat from a network segmentation standpoint. This means that once someone gains access to the SCADA network, they have access to every device on the network,” Cusimano said. “While pipeline SCADA networks are typically separated from the company’s business (IT) networks with firewalls, by design, those firewalls pass some data between the networks.” 

This, he said, may have left pathways for hackers to move from the IT network into the SCADA network and is likely why the company needed to shut down pipeline operations.