The New “Militia” In Oil & Gas Operations

On 7 May 2021, a most unusual occurrence took place in the USA. The Colonial Pipeline – which carries gasoline, jet fuel and other refined products from Houston to New York across the Southeastern and Eastern United States – halted all operations, triggering a fuel distribution panic. As the largest pipeline system for refined fuels in the US, capable of carrying up to 3 million barrels of fuel per day, the closure of the pipeline triggered some perplexing scenes – from the hoarding of gasoline in plastic bags to a lady expressing her reliance on gasoline to survive on TV despite her SUV being emblazoned with a ‘Say No To Pipelines’ sticker.

The panic lasted five days until 12 May, when portions of the pipeline were restarted. But what is far more worrying is why it happened. This was not the result of an act of nature that created a force majeure, or because of a structural fault that ruptured the operation of the pipeline. No, the Colonial Pipeline outage of May 2021 was a cyberattack. Hackers, believed to be from Eastern Europe, had infiltrated the Colonial Pipeline Company’s IT systems, triggering a cyberattack that impacted the computerised equipment managing 45% of all fuels delivered to the US East Coast. In response to the attack, Colonial Pipeline halted its entire operations to contain the situation, while dealing with the hackers’ ransomware demand of 75 bitcoins, which is worth almost US$5 million at current exchange rates.

Ransomware cyberattacks are not new, having been around since the internet first gained widespread use in the 1990s. But the sophistication of these attacks has increased, especially since corporate IT security systems have not kept pace with hacking techniques. But this is certainly the first large-scale and highest-profile cyberattack on American and global energy infrastructure, offering a nervous look at just how secure the crucial worldwide energy complex is, and how this should and must be improved before even larger cyberattacks are launched.

Because gone are the days when the pipeline disruptions had to be physical – whether it was Boko Haram militia sabotaging crude pipelines in Nigeria or undetected defects triggering spillages in the US-Canada Keystone pipeline. With much of the pipeline’s controls now done from a screen in an air-conditioned office, ill intent does not have to travel to a wet marshland to cause chaos. A simple backdoor vulnerability could give a malicious individual or group full access to a company’s inner system workings, to devastating consequences. This was exactly what happened to Colonial Pipeline, with the group responsible believed to have stolen over 100 gigabytes of data from company servers before Colonial even had a clue. And this is not unique to Colonial Pipeline. In fact, the risk is so widespread as to be alarming. Risk specialist and advisor Marsh has stated that the ‘global energy sector is increasingly vulnerable to cyber-attacks and hacking, due to widespread adoption of internet-based, or ‘open’, industrial controls systems to reduce costs, improve efficiency and streamline operations. The nature of the threat is beginning to change, and virtually all industry sectors have begun to witness much more intelligent and complex attacks.’ The dependence on common IT platforms and standards has certainly been to boon to business – a far cry from the 1980s and 1990s were each company tended to maintain its own proprietary systems – but that standardisation is also a major vulnerability. One backdoor identified by hackers is a backdoor into thousands of companies.

So major was this cyberattack that the Biden administrative pulled together an inter-agency task force over that weekend to address the breach, mitigate the impact and assess the wider scale of vulnerabilities across the US energy sector. The first two were handled deftly and quickly, but the last will take years. Meanwhile, the cat is out of the bag now. Because, despite publicly refuting it previously, Colonial Pipeline actually paid the ransom. And it paid it on the day of the outage itself (May 7) through bitcoin, which is beloved by hackers for its untraceability. Once paid, the hackers – thought to be a new group known as DarkSide – provided Colonial with a decrypting tool to restore its disable network, but the provide so slow that it took over five days for full services to be restored.

Paradoxically, though, the cyberattack has actually increased the average American’s opinion of oil and gas pipelines now that the disruption of a major one became so apparent, at least based on early polling. This could herald a shift in the position of the current US government regarding domestic pipeline infrastructure, moving away from demonising it to investing in it (or at least existing ones) if only to secure them against cyber-threats. And maybe, possibly, even soften Joe Biden’s stance on new projects, including Keystone XL?

In a statement posted on its dark webpage, DarkSide stated that it would vet ‘customers’ in the future to ‘avoid social consequences’. Which is all good and well, but the fact that the cyberattack was successful in the first place, and that Colonial Pipeline actually paid the ransom (against all FBI and federal advice) could mean a cyberattack frenzy in the near future. A few lines of code, a savvy hacker and an unknown vulnerability could yield millions of dollars in untraceable crypto-currencies. IT and risk departments across all energy companies worldwide must be quaking in their boots. Because the threat of cyberterrorism and ransomware is now ever-present and ever-dangerous, from Texas to Thailand, New York to Nigeria. In May 2021, it was the largest refined fuels pipeline in the US. It could be a rig, a cargo ship or even an entire refinery tomorrow.

End of Article

Market Outlook:

-  Crude price trading range: Brent – US$67-69/b, WTI – US$64-66/b

-  Steady is the global crude oil price ship, with benchmark contracts staying stable in their ranges on demand recovery in key consumption regions (US, Europe and China) smoothing over the asymmetrical global recovery as Covid-19 continues to flare up in South Asia, and even previously safe spots Taiwan, Singapore and Japan

-  A new chapter of Israeli-Palestine violence may begin to add risk premiums to crude trading on the potential on infrastructure disruptions in the Middle East and a potential reset of Israel’s relationship with new allies like the UAE and Bahrain

End of Article

Learn more today - click here