A cyber attack temporarily shut down one of the US’ largest pipelines on Friday, highlighting already heightened concerns over the vulnerabilities in the nation’s critical infrastructure.
The operator, Colonial Pipeline, said on Saturday that the incident involves ransomware.
The attack comes amid rising concerns over the cybersecurity vulnerabilities in America’s critical infrastructure following recent incidents, and after the Biden administration last month launched an effort to beef up cybersecurity in the nation’s power grid, calling for industry leaders to install technologies that could thwart attacks on the electricity supply.
Colonial, which transports more than 100 million gallons of gasoline and other fuel daily from Houston to the New York Harbor, according to its website, said it learned of the cyberattack on Friday, causing them to pause operations.
“In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems,” the company said in a statement.
Colonial said it engaged a third-party cybersecurity firm to launch an investigation into the “nature and scope of this incident” and also contacted law enforcement and other federal agencies.
The US Cybersecurity and Infrastructure Security Agency is “engaged with the company and our interagency partners regarding the situation,” Eric Goldstein, the executive assistant director of CISA’s cybersecurity division, said in a statement Saturday.
“This underscores the threat that ransomware poses to organizations regardless of size or sector,” he said. “We encourage every organization to take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”
Ransomware attacks have worsened over the years, with recent targets as varied as state and local governments, hospitals and police departments. The cyber attacks involve a type of malicious software that locks up a victim’s computer and renders it unusable until the victim pays off the attacker, frequently in Bitcoin.