“It’s a serious issue,” said Tom Kloza, the global head of energy analysis at Oil Price Information Service. “It could snarl things up because it is the country’s jugular aorta from moving fuel from the Gulf Coast up to New York.”
Colonial Pipeline, based in Alpharetta, Ga., is owned by several American and foreign companies and investment firms, including Koch Industries and Royal Dutch Shell. The pipeline connects Houston and the Port of New York and New Jersey and also provides jet fuel to most of the major airports, including in Atlanta and Washington, D.C.
Both the SolarWinds and the Microsoft attacks appeared aimed, at least initially, on the theft of emails and other data, the nature of the intrusions created “back doors” that experts say could ultimately enable attacks on physical infrastructure. So far, neither effort is thought to have led to anything other than data theft, though there have been quiet concerns in the Federal government that the vulnerabilities could be used for infrastructure attacks in the future.
The Biden administration announced sanctions against Russia last month for SolarWinds, and is expected to issue an executive order in the coming days that would take steps to secure critical infrastructure, including requiring enhanced security for vendors providing services to the federal government.
The United States has long warned that Russia has implanted malicious code in the electric utility networks, and the United States responded several years ago by putting similar code into the Russian grid.
But actual attacks on energy systems are rare. About a decade ago, Iran was blamed for an attack on the computer systems of Saudi Aramco, one of the world’s largest producers, which destroyed 30,000 computers. That attack, which appeared to be in response to the American-Israeli attack on Iran’s nuclear centrifuges, did not affect operations.
Another attack on a Saudi petrochemical plant in 2017 nearly set off a major industrial disaster. But it was shut down quickly, and investigators later attributed it to Russian hackers. This year, someone briefly took over control of a water treatment plan in a small Florida city, in what appeared to be an effort to poison the supply, but the attempt was quickly halted.
Clifford Krauss and Nicole Perlroth contributed reporting.