Friday’s shutdown of the Colonial pipeline had not made a meaningful impact on U.S. air travel as of Monday morning. However, the ransomware attack that spurred the shutdown has triggered an increase in spot fuel prices and prompted the Department of Transportation to declare a state of emergency in 17 East Coast states, paving the way for the temporary loosening of restrictions on truck transport of fuel.
In a statement issued last night, Colonial said it continued to work to “understand” the issue, but gave no indication when service would be restored. Industry fuel experts predicted supply problems could emerge as early as Tuesday, as refined products begin to back up in Texas. And this morning, the price of jet fuel had already increased modestly on the spot market above its Friday $1.82-per-gallon closing price. The price of aviation fuel has more than doubled over the last 12 months.
Colonial shut down operations on four lines spanning 5,500 miles that carry an estimated 45 percent—an estimated 2.5 million barrels per day—of the gasoline and distillates supply, including jet fuel, to the U.S. East Coast from Texas to New Jersey and well westward, including to cities such as Philadelphia and Pittsburgh via the Buckeye system. Major civilian airport markets served by the system and branches of the Buckeye include Atlanta, Nashville, Charlotte, Greensboro, Raleigh-Durham, Washington, D.C., Baltimore, and New York-New Jersey.
Atlanta would likely be the initial venue of any widespread supply problems. On Sunday night, Delta Air Lines, the largest tenant at the nation’s busiest airport, Atlanta Hartsfield-Jackson International, said the attack had not impacted its ability to draw fuel from its own refinery in Philadelphia. The pipeline’s shutdown could also create major logistical problems at a variety of military installations along its route, according to members of Congress speaking on the Sunday morning news talk shows. Sen. Bill Cassidy (R-Louisiana) said, “The implications of this for our national security cannot be overstated,” on NBC’s Meet The Press.
“This interruption of the distribution of refined gasoline and jet fuel underscores the vulnerability of our national critical infrastructure in cyberspace and the need for effective cybersecurity defenses,” said Sen. Angus King (I-Maine) and Rep. Michael Gallagher (R-Wisconsin), co-chairmen of the Cyberspace Solarium Commission (CSC). CSC was stood up by Congress in 2019 to "develop a consensus on a strategic approach to defending the United States in cyberspace against cyberattacks of significant consequences."
While who launched the attack has not been officially confirmed, several intelligence sources pointed to international criminal cells of hackers, collectively known as the DarkSide, as the likely perpetrator. In a statement issued via Twitter earlier today, DarkSide seemed to express regret for the attack, writing, “Our goal is to make money and not create problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
Aviation cybersecurity expert Ben Rothke told AIN that most companies—even with security upgrades—remain woefully underprepared for any kind of ransomware attack, and the fee hackers now charge to restore data held hostage can be “deep into the seven figures.”
“Backups are one of the most, if not the most, essential defenses against ransomware,” Rothke said. “If a company has good backups in place, they can simply reimage the bad machine and backup their data. But, newer and more advanced ransomware variants are, in fact targeting those backups. These ransomware variants can wipe the backups, which means a company has the difficult decision to lose massive amounts of data or pay an often expensive ransom. What this means is that every aviation company needs to have a formal plan to deal with ransomware. This includes creating methods to detect and block ransomware in the first place, how to deal with it in the event you are a victim, and how to safeguard your backups from being compromised.”
Even before the ransomware attack, several organizations had pointed to potential security and physical infrastructure problems related to pipeline delivery of aviation fuel and the Colonial pipeline in particular. In a 2018 study, Airlines for America (A4A) noted that demand for jet-A in the U.S. was 1.6 million barrels per day, with the vast majority supplied by pipeline. A4A ominously warned, “When pipeline operations are disrupted, alternative means of transporting jet fuel to airports are generally inadequate…Generally, fuel is supplied to airports through a combination of interstate multiproduct pipelines, third-party and off-airport terminals, and dedicated local pipelines. The last few years have continued to demonstrate the fragility of this complex system and the threat it poses to air-service continuity.”
Privately-held Colonial is owned by a consortium that includes CDPQ Colonial Partners, IFM (US) Colonial Pipeline 2, KKR-Keats Pipeline Investors, Koch Capital Investments Co., and Shell Midstream Operating.