Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on the day's biggest business stories

Subscribe to Axios Closer for insights into the day’s business news and trends and why they matter

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Stay on top of the latest market trends

Subscribe to Axios Markets for the latest market trends and economic insights. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sports news worthy of your time

Binge on the stats and stories that drive the sports world with Axios Sports. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tech news worthy of your time

Get our smart take on technology from the Valley and D.C. with Axios Login. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Get the inside stories

Get an insider's guide to the new White House with Axios Sneak Peek. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Axios on your phone

Get breaking news and scoops on the go with the Axios app.

Download for free.

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Denver news?

Get a daily digest of the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Des Moines news?

Get a daily digest of the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Twin Cities news?

Get a daily digest of the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Tampa Bay news?

Get a daily digest of the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Charlotte news?

Get a daily digest of the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sign up for Axios NW Arkansas

Stay up-to-date on the most important and interesting stories affecting NW Arkansas, authored by local reporters

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Aïda Amer/Axios

The ransomware attack against the Colonial Pipeline — the massive East Coast gasoline artery — is a stunning real-world example of the increasing risks that the energy sector faces from a cyberattack.

Why it matters: Different parts of the vast American energy system are vulnerable — from pipelines to power grids to individual power plants and plenty in between.

  • While federal and state agencies, as well as companies, have spent years hardening their systems, the shutdown of the country's largest refined products pipeline, which carries over 100 million gallons per day, shows you can never be too prepared.

Between the lines: Ransomware has a distinct, perhaps less-pernicious goal: to lock users out of a system until they pay to have access restored.

  • Most ransomware victims are put in impossible positions, incurring financial losses while wrestling with the decision of whether to pay the ransom.
  • But as Axios' Felix Salmon noted, the Colonial Pipeline is not your everyday ransomware victim, given its status as critical infrastructure. Instead, the full resources of the U.S. government have been mobilized in the wake of this attack.
  • All the disruption and attention even elicited an apology, of sorts, from DarkSide, the relatively new group the FBI said allegedly perpetrated the hack.
  • “Our goal is to make money and not creating problems for society," the group said in a statement on the dark web.

The big picture: Axios' chief tech correspondent Ina Fried notes the attack highlights a growing dilemma facing cities, utilities and companies: The more that their processes go digital, the more vulnerable they are to financially motivated attacks.

  • Moody's Investors Service, in a note, said pipeline operators have increasingly adopted digital tech to improve their operations.
  • The problem? That also means operators of oil, natural gas and other pipelines are "offering new vectors for cyberattackers."

Threat level: Moody's says the pipeline sector is the oil-and-gas industry's most vulnerable segment.

  • "A cyberattack that disrupts one or more long-haul pipelines would have global supply implications, regardless of the location of the attack," it notes.
  • On the bright side, Moody's says the oil-and-gas sectors' cybersecurity investments have been growing.

Yes, but: Cybersecurity concerns also extend to other elements of the energy system, such as the electrical grid.

  • The expensive and deadly power outages in Texas in February, caused by extreme cold, illustrated what can happen when the power goes out for an extended period.

Of note: The Colonial hack comes about five months after the disclosure of the far-reaching Russian SolarWinds hacking of a vast trove of corporate and government systems.

  • This breach may have compromised parts of the American energy infrastructure.

Driving the news: There are reports that some gasoline stations have run out of fuel.

  • Per GasBuddy analyst Patrick De Haan's Twitter feed, the most widespread outages as of this morning were in Virginia at around 7.6%, and he notes the state-by-state estimates may be low.
  • Via Bloomberg, "From Virginia to Florida and Alabama, fuel stations are reporting that they’ve sold out of gasoline as supplies in the region dwindle and panic buying sets in."
  • AAA reports that the outage has pushed nationwide average gasoline prices to $2.99-per-gallon, the highest since late 2014 (a standing reminder that prices vary by region).

What's next: Colonial Pipeline said Monday that segments are being brought back online in a "stepwise fashion," with the goal of "substantially restoring operational service by the end of the week."

What they're saying: "We are monitoring supply shortages in parts of the Southeast and are evaluating every action the Administration can take to mitigate the impact as much as possible," White House Press Secretary Jen Psaki said in a statement.

What we're watching: Multiple lawmakers have called for the passage of cybersecurity bills in the wake of the attack.

  • "That infrastructure package should have a giant allocation for improving cybersecurity across the United States," energy analyst Amy Myers Jaffe said on the latest Axios Pro Rata podcast.

Go deeper: What to know about the Colonial Pipeline cyberattack

Go deeper

Updated May 8, 2021 - Energy & Environment

Ransomware attack forces shutdown of major U.S. fuel pipeline

A police officer stands guard inside the gate to the Colonial Pipeline Co. Pelham junction and tank farm in Pelham, Alabama, in 2016. Photo: Luke Sharrett/Bloomberg via Getty Images

A major U.S. fuel pipeline running from Texas to New York has been taken offline by its operator because of a ransomware attack, Colonial Pipeline said Saturday.

Why it matters: It's a significant breach of critical infrastructure and comes on the heels of multiple other major cyberattacks on both U.S. companies and the federal government.

Updated May 10, 2021 - Energy & Environment

Colonial Pipeline aims to be "substantially" back online by end of week

Photo: Luke Sharrett/Bloomberg via Getty Images

The FBI confirmed in a statement Monday that a professional cybercriminal group called DarkSide was responsible for a ransomware attack on the Colonial Pipeline network, which provides roughly 45% of the fuel used on the East Coast.

The latest: President Biden said at a press briefing that there is no evidence so far to indicate that Russia was involved in the attack, although he plans to meet with Russian President Vladimir Putin soon. Officials previously said no countries are being blamed for the attack.

Ben Geman, author of Generate
May 10, 2021 - Energy & Environment

What to know about the Colonial Pipeline cyberattack

Illustration: Aïda Amer/Axios

Colonial Pipeline, a huge network that supplies eastern states with gasoline, diesel and other products, is shut down thanks to a major ransomware attack disclosed over the weekend.

Why it matters: Colonial is the largest refined products pipeline network in the country, transporting over 100 million gallons per day.

You’ve caught up. Now what?

Sign up for Mike Allen’s daily Axios AM and PM newsletters to get smarter, faster on the news that matters.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!