Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Businesses Security

Colonial Announces Pipeline Restart After Being Shut Down For Five Days Due To Cyberattack (nbcnews.com) 46

Colonial Pipeline, operator of the largest U.S. fuel pipeline, said Wednesday it is restarting operations after being shut down for five days due to a cyberattack. NBC News reports: The company shut down its entire operation Friday after its financial computer networks were infected by a Russia-tied hacker gang known as DarkSide, fearing that the hackers could spread to its industrial operations as well. The shutdown led to widespread gasoline shortages and caused temporary price spikes. "Colonial Pipeline initiated the restart of pipeline operations today at approximately 5 p.m. ET," the company said in a statement on its website. "Following this restart, it will take several days for the product delivery supply chain to return to normal."
This discussion has been archived. No new comments can be posted.

Colonial Announces Pipeline Restart After Being Shut Down For Five Days Due To Cyberattack

Comments Filter:
  • by SuperKendall ( 25149 ) on Wednesday May 12, 2021 @04:54PM (#61378330)

    Regardless of how well they can secure this pipeline or not going forward, it seems like having just one companies pipeline go down affect pretty much the entire supply of gasoline across the eastern coast is an incredibly fragile weak point for a country to have.

    • Plenty of those major points of failure around.

      I'm curious if they paid off the ransomware thugs like a bunch of wusses.

    • Not enough free market, stop that oligarchy now!
    • by NickDngr ( 561211 ) on Wednesday May 12, 2021 @05:12PM (#61378370) Journal

      Regardless of how well they can secure this pipeline or not going forward, it seems like having just one companies pipeline go down affect pretty much the entire supply of gasoline across the eastern coast is an incredibly fragile weak point for a country to have.

      A large part of the problem was gas hoarding. It was the whole toilet paper thing all over again. As soon as the news broke people were lining up at gas stations with their gas cans to stock up.

      • A large part of the problem was gas hoarding.

        Yes, the fat fucks in their fat SUVs [9cache.com] are definitely a problem.

      • by sjames ( 1099 )

        This. I even saw people on the news dispensing gasoline into plastic bags to hoard even more. It's only been down 5 days and normally gas stations have a few days worth (at normal sales volume) in their tanks on-site. People who fill up once a week probably haven't actually needed to get gas yet (other than the fear that some idiot would dispense the last 5 gallons into a hefty bag if they don't get it now).

        Had it not been a major headline followed by a panic, I wonder if consumers would have even noticed t

    • Regardless of how well they can secure this pipeline or not going forward, it seems like having just one companies pipeline go down affect pretty much the entire supply of gasoline across the eastern coast is an incredibly fragile weak point for a country to have.

      Not disputing your single point of failure argument, but the hack was on the company's financial systems. The company chose to shutdown the pipeline control systems as a precaution -- though I'm pretty sure the petroleum companies are happy about resulting short-term price spike ...

      • [T]the hack was on the company's financial systems.

        Boss Bubba thinking "If we can't take in money then why the heck are we open?"

        The company chose to shutdown the pipeline control systems as a precaution -- though I'm pretty sure the petroleum companies are happy about resulting short-term price spike ...

        How far is Colonial Pipeline from the old Enron offices?

    • Regardless of how well they can secure this pipeline or not going forward, it seems like having just one companies pipeline go down affect pretty much the entire supply of gasoline across the eastern coast is an incredibly fragile weak point for a country to have.

      You can look to Europe as to how countries cope with this problem. E.g. Austria who has enough strategic reserves to get through a winter, a necessity that dates back a few decades to when the russians would constantly cut off Europe's gas supply and blame the Ukraine.

      Pipelines are expensive.

    • At this stage, it's negligence, for operations this big, switch over to a clean offline system should go unnoticed, except for the alarm that it happened

    • Not really. Plenty of local stockpile, and the pipeline was never directly impacted. It has to be able to accommodate hurricanes so it is a pretty hardened distribution network.

    • I guess it's a good thing then that the pipeline was secure the whole time and the supply of gasoline across the east coats was never reduced.

      Now if only there was something we could do about the slack-jawed yokels and their panic buying.

    • by tlhIngan ( 30335 ) <slashdot@worf.ERDOSnet minus math_god> on Wednesday May 12, 2021 @07:48PM (#61378848)

      Regardless of how well they can secure this pipeline or not going forward, it seems like having just one companies pipeline go down affect pretty much the entire supply of gasoline across the eastern coast is an incredibly fragile weak point for a country to have.

      The pipeline is secure. None of the control systems were infected - the corporate network was infected, but the control network was not. However, for safety reasons, they shut down the control network just in case. I mean, it makes sense - even if you have a segregated network and air gaps or data diodes and such, it's much too easy to accidentally bridge the gap by accident - all it would take is a USB, a laptop, etc. So shutting down the pipeline safely, and shutting down the network while it's still clean is the right thing to do to prevent it from getting potentially infected (and since it's safety critical - human safety, environmental safety, etc), knowing it stays clean means a faster restart.

      As for being critical - well, realize the pipeline isn't pumping oil 24/7. It carries a variety of products - one day it carries 87 unleaded, the next day, it's carrying 90, and the day after 92. Day after that it's carrying diesel.

      It's not specific, either - the products are pumped into and out of gigantic tanks that basically have enough product for a couple of weeks or more. Notice I never said which oil company - it's because well, 87 octane is 87 octane unleaded. The gas companies take that and feed it into their plants that add their "special sauce" and that goes out to the gas stations. Meanwhile, the tanks are generic - Shell may offload 87 octane into the pipeline and that specific hydrocarbon gets put into an Esso station in the end - the product the pipeline carries are completely fungible.

      The pipeline being shut down had no effect on either end - the shortage was just caused by people being idiots and gas stations not jacking up the price of gas to discourage panic buying. Just like how there was a run on toilet paper, or a run on meat, or a run on other product people bought by the ton.

      Considering I only buy TP when it was cheap, means I ended up with a rather large stockpile of them collected over 10 years - a stockpile I estimate would've lasted me an entire year if I didn't buy another package. I think the lowest I ever got to was maybe 10 months worth of TP before it started showing up on shelves again since everyone filled their house with TP. I waited another month and it went on sale, so I bought a pack. Bought another pack the week after that (still on sale) and I was full again. But it's gone on sale so often now I picked up another pack.

      Likewise, I fill my car when it gets to around 3/4 tank. Because of this craziness, I didn't bother filling my car - that 3/4 tank will last a long time for me, so the craziness will have long settled down and I don't have to fill my car with expensive gas.

      And no, I'm no prepper. I did pick up a bit more food in the event I got COVID or was potentially exposed and had to self-isolate, but that's mostly gone back to normal now. In case of complete collapse of society, I have no chance. But even global pandemic shutting everything down, not a big deal.

      • by SoftwareArtist ( 1472499 ) on Wednesday May 12, 2021 @11:32PM (#61379268)

        None of the control systems were infected - the corporate network was infected, but the control network was not. However, for safety reasons, they shut down the control network just in case.

        In practice it seems to have worked out to the same thing. They had to shut down the pipeline. You can say it's "just" the corporate network, nothing critical, but the effect was the same either way. If a hack of the corporate network leads to shutting down the pipeline, then the pipeline is only as secure as the corporate network.

        Attackers will always go after the weakest link in the chain. They just care about results. If an easy hack can shut down a major piece of infrastructure for five days, then that piece of infrastructure is very fragile. And if your job is to defend that infrastructure, you need to defend against all attacks, direct or indirect. If attackers bring it down, that means you failed, whatever means they used to do it.

      • I'll just reshare this here:
        https://twitter.com/RobletoFir... [twitter.com]

        This has been posted on another /. story about this, and the gist is:
        Their billing system was down, they couldn't invoice for transferred product, so they shut down the whole thing.

        Is it true? Well, its on twitter, so it must be, right?

    • Regardless of how well they can secure this pipeline or not going forward, it seems like having just one companies pipeline go down affect pretty much the entire supply of gasoline across the eastern coast is an incredibly fragile weak point for a country to have.

      I know, right? Good thing our new rational overlords are busy building new pipelines! :)

    • Their article does not say. Many articles say the cybersecurity companies they may have hired DO pay ransoms quietly under the table. As the bad-persons found new victims, it sure looks like they are getting paid well. Very little about remediation, and what was done.
  • Now that the gas is flowing, those who were blaming President Biden for the shutdown [vice.com] can now thank him for restoring service.

  • by dwater ( 72834 ) on Wednesday May 12, 2021 @10:01PM (#61379098)

    ..for using "gasoline", instead of "gas".

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...