Two-lane-wide security gatehouses shield Colonial Pipeline’s corporate office at multiple entrances to Sanctuary Park in Alpharetta, Ga. Even on weekends, guards monitor the gate and turn away unwanted visitors.
Yet a single compromised password killed almost all operations for the 5,500-mile pipeline from May 7 to May 13, whipping buyers into a frenzy that drained 16,000 stations along the East Coast of their fuel.
Aside from few hours following Y2K, the pipeline has never been completely down, CEO Joseph Blount testified to the U.S. Senate Homeland Security and Governmental Affairs Committee on June 8.
It may take years for the company to recover from the DarkSide ransomware attack, he said, even after the U.S. Justice Department’s newly formed Ransomware and Digital Extortion Task Force seized 63.7 bitcoins — worth most of the 75-bitcoin ransom and equivalent at that time to $2.3 million — from the Russia-based group on June 7.
“In the weeks since your company was struck, we have seen a series of other attacks, on everything from our transportation networks to meat-packing centers,” committee Chairman Sen. Gary Peters, D-Mich., said during the hearing. “Those private sector strikes follow especially damaging attacks on our government, including the extensive SolarWinds hack last year. While the objectives of these attacks differ, they all demonstrate that bad actors, whether criminal organizations or foreign governments, are always looking to exploit the weakest link, infiltrate networks, steal information, and disrupt American life.”
Critics and plaintiffs argue that Colonial Pipeline didn’t do enough to gird its network against even basic hacks. They also argue the company had an obligation to the public to release more supply of fuel.
The company declined to comment when reached by GSA Business Report.
Blount maintained in the hearing that the pipeline was shut down to prevent DarkSide from being able to control the network, as the company wasn’t sure at the time how deep the hackers were in the system or their intent. He said the shutdown was not simply due to the company’s inability to bill for the gasoline coming through the pipeline. He also admitted during the hearing that the hacked account lacked multifactor authentication and apologized for the outcome of the attack.
“On May 7, our employees activated our companywide incident response process and executed the steps they were trained to carry out,” he said in his testimony. “Shutting down the pipeline was absolutely the right decision, and I stand by our employees’ decision to do what they were trained to do.”
One North Carolina resident, Ramon Dickerson, filed a lawsuit against the company, requesting that Colonial compensate every individual and business impacted negatively by the rising prices and gasoline shortages that resulted from the shutdown.
“As a result of the defendant’s failure to properly secure Colonial Pipeline’s critical infrastructure — leaving it subjected to potential ransomware attacks like the one that took place on May 7, 2021 — there have been catastrophic effects for consumers and other end-users of gasoline up and down the East Coast,” Dickerson’s attorney James Evangelista writes in the complaint filed on May 18 in a U.S. District Court in Georgia.
As of May 12, 45% of gas stations in South Carolina were still out of gas, according to the complaint, pushing the U.S. average price per gallon to above $3 for the first time in six years.
In the month before the hack, the U.S. average hovered above $2.86 with Charlotte-area stations averaging just above $2.58.
“So part of that was say risk avoidance,” said Chris de Bodisco, a Stetson University economist and professor that specializes in the market failures and the economic impact of shutting down pipelines. “Demand spiked up, and people heard about a possible shortage and maybe some overreaction and some misinformation kind of drove some of that. Demand spiked up as much as 30% in some areas. And that definitely depleted supplies of depleted inventories and in fact, created shortages in areas that weren't even served by Colonial.”
He noted that even in Orlando, Fla., an area not supplied from the pipeline, gas stations sold out and had to turn customers away in the days following the attack.
Even after Colonial Pipeline’s manual transport of more than 41 million gallons of gasoline to its tank farm in Belton, as well as locations in Spartanburg, Charlotte and five other East Coast markets, gas stations — at least in the Belton area — sold out almost immediately after, according to several gas station employees.
Belton was under additional pressure as a known location of a tank farm, with motorists streaming to the area from Greenville and other areas across the Upstate. Attendants at the Shell, Citco and BP stations closest to the tank farm that receive all or most of their supply from Colonial Pipeline all agreed that the shortage was one driven solely by demand — at least in the Upstate.
All reported that motorists just “went ballistic,” “crazy” and were stirred into a “frenzy” at the pumps, filling trashbags and draining thousands of gallons in one night.
Three weeks out, the Shell and BP closest to the pipeline was still out of diesel and prices remained at $2.79. Citgo prices were above $2.80.
Representatives from several terminals at the tank farm sourced from the pipeline also noted that they have product and always had product. They, too, agreed that it was more of a demand problem than a supply problem, although they declined to be quoted.
To mitigate the crunch, gas companies sought other sources for transport while drive-time limit regulations were waived for truckers.
“We are seeking alternative supply points, where possible, and are in close coordination with our Shell-branded wholesalers to tackle supply and logistical challenges as a result of this incident,” said a May 13 Shell statement forwarded when the company was asked for comment by GSA Business Report.
Kinder Morgan, a Colonial Pipeline competitor that operates out of Belton, took the opportunity to fill in the gap left by Colonial, according to Melissa Ruiz, spokeswoman for Kinder Morgan. Kinder Morgan owns and operates Products Pipeline, formerly known as Plantation Pipeline, and also gets some of its supply from Colonial.
Kinder Morgan also deferred any non-essential maintenance that would reduce flowrates down the pipeline.
“In other words, we are transporting and storing every barrel of product we are able to receive from customers,” she said in a statement from the week following the attack.
Greenville Spartanburg International Airport representatives also noted that despite escalating prices and concerns of major disruption — especially with airports like the Charlotte International Airport being directly serviced by the pipeline — there was little change to day-to-day operations.
“During the fuel shortage, GSP maintained sufficient fuel supply for all our passenger and cargo operations,” spokeswoman Michelle Newman said in an email. “No flights at GSP were delayed by the fuel shortage. We monitored the situation closely and remained in constant communications with our airline partners to ensure uninterrupted service.”
This article first appeared in the June 14 print issue of GSA Business Report.