On May 6, 2021 Colonial Pipeline, “the largest refined products pipeline in the U.S (Colonial Pipeline),” was a victim of data theft followed by a ransomware attack beginning May 7, 2021 and ending May 12, 2021. Even though the initial requested ransom of 75 bitcoin with an estimated value of $4.4 million at the time, was paid promptly on May 7th, President Joe Biden still made an emergency declaration on May 9th. The pipeline did not return to normal operations until May 12, 2021. Fortunately, shutting down the pipeline during the initial phase of the attack helped to ensure the operational technology network responsible for physically moving the oil was not compromised (Tech Target).
The shutdown caused disruptions along the East Coast as gas supplies became scarce, leading to price increases and shortages. Airline operations also experienced setbacks due to the shutdown (CNBC). DarkSide’s attack on the pipeline led to the Biden Administration’s “Executive Order on Improving the Nation’s Cybersecurity,” an order implemented to strengthen cybersecurity practices across U.S. government agencies. This order emphasized the need for increased threat information sharing across agencies, called for securing the software supply chain, and resulted in the creation of the Cyber Safety Review Board (The White House).
Date of event: May 7, 2021 – May 12, 2021
Impact:
- 100 gigabytes of data stolen (Tech Target)
- All 5,500 miles of pipeline was shut down (CNBC)
- Approximately $5 million in ransom was paid to attackers (CNBC)
- Gas prices rose an estimated average of 4 cents per gallon in many locations reliant upon the pipeline (Science Direct)
Related Resources:
- Pipeline Cybersecurity–Updated Directives [September 7, 2022]
- Joint Cybersecurity Advisory: Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013
- Pipeline Security Guidelines [Updated April 2021]
- Cyber Threats in the Pipeline: Lessons from the Federal Response to the Colonial Pipeline Ransomware Attack, Joint Hearing Before the Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation and the Subcommittee on Transportation and Maritime Security, House of Representatives of the Committee on Homeland Security, One Hundred Seventeenth Congress, First Session, June 15, 2021
HSDL Featured Topics: Cyber Crime and National Security | Cyber Infrastructure Protection | Ransomware
HSDL Search: Cyber Attacks | National Security | Infrastructure Security