Colonial Pipeline Faces up to $1 Million Fine for Safety Violations

The US Department of Transportation’s Pipeline and Hazardous Materials Safety Administration (PHMSA) has proposed a fine of nearly $1 million against Colonial Pipeline for breaking federal safety requirements, which exacerbated the consequences of the ransomware attack last year. The $986,400 fine is the outcome of the regulator’s examination of the pipeline operator’s Control Room Management (CRM) operations that took place from January to November 2020. “A probable failure to adequately plan and prepare for manual shutdown and restart of its pipeline system […] contributed to the national impacts when the pipeline remained out of service after the May 2021 cyberattack,” the PHMSA stated.

Analyst Notes

Following a DarkSide ransomware attack in May 2021, Colonial Pipeline, operator of the country’s leading fuel pipeline, was forced to temporarily shut down its operations, affecting gas delivery and causing a regional emergency declaration across 17 states. The corporation also paid threat actors $4.4 million in ransom to regain access to its computer network, although US authorities were able to recover a significant part of the digital funds spent. “The pipeline shutdown impacted numerous refineries’ ability to move refined product, and supply shortages created wide-spread societal impacts long after the restart. Colonial Pipeline’s ad-hoc approach toward consideration of a ‘manual restart’ created the potential for increased risks to the pipeline’s integrity as well as additional delays in restart, exacerbating the supply issues and societal impacts,” reads the Notice of Probable Violation and Proposed Compliance Order.