Details and preps for the Colonial Pipeline cyberattack and gas shortages

Another day, another cyber attack. This attack shut down one of the major fuel pipelines in the United States, with hackers holding it for ransom, sparking panic buying and gasoline shortages throughout the southeast.

This comes on the heels of another recent attack in the US southeast where hackers cranked up levels of the fatal chemical lye in a Florida water treatment plant.

This post skips most of the basic news reporting and thinks through consequences and future preps. The punchlines:

  • The pipeline is currently being brought back online, but Colonial Pipeline said it will be a few days before things are back to normal.
  • This is yet another reason why you should try to always have some gas stored at home, ideally enough to fill an empty tank in one of your vehicles. If you don’t have an immediate need for gas, then this event isn’t a big deal for you.
  • See the beginner’s guide to storing gas and review of the best portable gas cans. Do not use improvised containers!
  • A common thing among preppers is getting in the habit of filling up your vehicle tank when it’s 25-50% full, rather than waiting until it gets to zero.
  • There’s no need to panic buy, especially if you don’t need to use the fuel within the next week. Panic buying is the opposite of prepping.
  • It’s unlikely this situation will blow up into a major issue — the US has strategic oil reserves that it could release, for example, if this becomes worse than just personal inconveniences. So if you have something like an upcoming business trip flight to the area, you shouldn’t worry too much about planes not having fuel.
  • But shortages will continue for at least a few days as companies struggle to move gas from major ports/refineries (eg. the Houston starting point for this pipeline) to all of the little endpoints people buy gas from.
  • The overall supply chain for everything (not just gas) is already strained, but experts think it’s unlikely this event will make things much worse since most commercial vehicles run on diesel, which is not nearly as sold out as normal gasoline.
  • Many local “last mile” delivery trucks do run on normal gas, though, so there might be slowdowns there. But major shipping companies like UPS have not issued any alerts so far.
  • Rural areas will likely feel the pain for longer as urban centers are prioritized to receive what little gas supply is being trucked in.
  • These kinds of cyber attacks on critical infrastructure continue to get worse and happen more frequently. So it’s part of our new normal.
  • Many of these attacks come from foreign governments like Russia, China, Iran, and North Korea, or from “unaffiliated” hackers inside those countries that those governments tolerate.
  • This attack was carried out by Russian group DarkSide, although the US currently believes the Russian government did not have direct involvement.
  • In an unusual twist, DarkSide has since issued a statement that they didn’t mean to cause this much harm to society and will change how they choose their targets in the future. “We just want to make money.” Private attacks in the future will likely have a similar spirit, while state-sponsored attacks obviously care more about disruption.

What we know about the Colonial Pipeline attack

The 5,500-mile Colonial Pipeline starts in Houston, Texas and stretches to Linden, New Jersey. The pipeline transports between 15-20% of gasoline, diesel, and jet fuel in the US and about 40% of the fuel on the East Coast. The main lines transport about 2.5 million gallons of fuel per day. Colonial is “the largest-volume refined liquid petroleum products pipeline operating in the world.”

Colonial Pipeline map

Thursday, May 6, 2021:

  • The DarkSide cyber gang infiltrated the Colonial Pipeline Company’s network, stealing 100 GB of data and installing ransomware.
  • Ransomware is a type of malware that encrypts the data on computers until the victim pays a ransom to receive the decryption key.
  • DarkSide is infamous for double extortion tactics, where they steal data and blackmail victims to prevent release, while simultaneously infecting them with ransomware.
  • Though DarkSide is based in Russia, the Russian government has denied any involvement, and the Biden-Harris administration has said there’s no evidence of Russian state involvement, though Biden said, “They have some responsibility to deal with this.”

Friday, May 7, 2021: The Colonial Pipeline Company took the main pipeline offline to root out the attack, though some smaller lateral lines have remained open.

Sunday, May 9, 2021: The US Department of Transportation temporarily lifted fuel transport restrictions in order to get more fuel into the system.

Monday, May 10, 2021:

  • While Colonial Pipeline temporarily opened one line under manual control, panic buying took hold in the southeast, with long lines at gas pumps and stations starting to run out of gas.
  • DarkSide released an unusual statement expressing remorse for the attack, saying “Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
  • North Carolina, Georgia, and Virginia declared states of emergency. In Georgia, Governor Kemp temporarily suspended gas taxes.

Tuesday, May 11, 2021:

  • The Biden-Harris administration announced a series of response actions, including a response group and waivers on various regulations.
  • Florida declared a state of emergency.

Wednesday, May 12, 2021 (date of publication):

What should I do?

Limit how much gas you’re using. Everyone’s already used to Zoom business meetings, so perhaps you don’t need to make that face-to-face trip. Or you can hold off on mowing your lawn for a week or two — your neighbors will understand.

If you need to travel, try to carpool, use vehicles with better gas mileage if you have a choice, and give yourself more room for error in case you run into a hiccup.

Don’t panic buy or hoard. If you’re low enough on gas that you’d normally need to buy some in the next week, then sure, go fill up if there’s gas nearby.

GasBuddy tracks gas and power availability at stations around the country. The site is experiencing heavy traffic. De Haan recommends visiting directly.

Personally, we filled up our tanks as soon as we heard about the attack because we anticipated this very predictable outcome. But once the panic buying is really going (as it is today), it’s usually worth avoiding the mess and waiting it out.

It’s okay to fill up a spare gas can or two, but don’t be one of these people making fools of themselves today on social media:

A moron filling an IBC tank with gas
Between the light-duty trailer and the enormous IBC tank unsuitable for gasoline, this is a disaster waiting to happen. Don’t be this guy.
Moron pumping gas into buckets
We just hope he didn’t smoke in the car.

Have non-gas alternatives. Could you buy food without gasoline? Trim your yard? Till your garden? If you commute, are you set up to work remotely? For long-term prepping, consider plans and tools that let you keep living your life even when fuel (or grid power) is unavailable.

Will this affect the supply chain?

Possibly, but we think it’s unlikely. Pretty much all freight trucks run on diesel, and while Colonial warned of possible diesel shortages, we haven’t seen that so far. FreightWaves, a logistics trade publication, said “The availability of diesel does not appear to be anywhere near as severely impacted.”

However, it could affect home deliveries, since many delivery drivers use gasoline-powered vehicles. But as of this moment, none of USPS, UPS, or FedEx has issued service alerts related to fuel shortages.

A key Twitter account to follow to track the gas supply is Patrick De Haan from GasBuddy. He’s put in a heroic effort of regularly updating the public on gas availability in the southeast.

Is this a legit shortage or panic buying?

A bit of both, but the real problems at this point are due to panic buying. But we can’t brush off the fact that a major oil pipeline was down, which is bound to affect availability in some manner.

That’s backed up by GasBuddy data that shows a 14% increase in demand on May 11, 2021, over the previous Tuesday.

That means this is yet another example of how personal preparedness helps flatten the curve. Since the real problem here is people’s emotional reactions and the resulting panic buying — ie. the resulting “spike in the demand curve” — the way to keep the whole system working is by reducing that spike.

That’s pretty easy in this case since all you have to do is store gas and use the FIFO method to rotate through it.

Will America’s enemies take advantage of this?

Impossible for us to say, but it’s unlikely. There’s still plenty of fuel overall, as it’s just the one pipeline down. As far as we know, the military still has all the fuel it needs, and the government will go to great lengths to make sure that’s the case. The government maintains a Strategic Petroleum Reserve, and US petroleum surpluses recently returned to pre-COVID levels.

Nor is this the first time the Colonial Pipeline has shut down. The pipeline exploded in 2016, and that caused a similar surge of panic buying in the southeast. However, it was brought back online in a few days and no one invaded in the interim.

However, you can be sure our foes are watching this situation to see how vulnerable our infrastructure is and what the responses are like. We anticipate that there will be many more cyberattacks in the future, such as the February 2021 cyberattack on a Florida water treatment plant that nearly poisoned an entire town. Defense One warns of our cyber vulnerabilities.

Unfortunately, unless you work in IT for the systems involved, there isn’t much you can do about that. Nor does it do you any good to worry about it. Adopt sane prepping rules and prepare for a wide array of emergencies.


    • Kharn597

      Great operating experience review of the event with checklist of things you can do to be prepared. I really like this and the Texas Power Outage OEs. Those who review this can learn, add to their plans and remain calm.

      5 |
    • Sbesch

      A thorough and thoughtful recap of the situation, along with sensible suggestions for dealing with the effects – thank you, Josh.  If anyone wants to dive deeper into the potential vulnerabilities of our modern infrastructure, I highly recommend reading “Lights Out” by Ted Koppel.  It’s a fascinating (and frightening) description of the vulnerabilities of the US power grid and the anticipated effects of a widespread failure.

      8 |
    • brekke

      Thank you for a great article. Whenever I see panic buying in this magnitude, or the great tp2020 ridiculousness, I have to wonder why there aren’t immediate purchase limits put into place? It would seem like in planning for emergencies, there could be a “you can fill your vehicle plus one 5-gallon approved can per visit” limit implemented. (Or with the tp, 24-rolls/person). Sure there would still be those people that get back in line or hit up every store, but it would certainly slow the hoarders and give more people a chance to buy a small supply. I get businesses are there to make money, but there is precedent for rationing during times of emergency. 

      4 |
      • woodrow brekke

        I agree. At our local station people went nuts and were topping off their pickup trucks and several gas cans apiece.  However, a local BP station by the expressway was running a ten-gallon limit on all sales, implemented at the pump. This made the most sense of anybody, and wish that all stations had the software to do limits like this at the pump itself, instead of having to go inside (during a pandemic) to purchase a set limit.

        4 |