The U.S. Department of Transportation's Pipeline and Hazardous Materials Safety Administration (PHMSA) has proposed a penalty of nearly $1 million against Colonial Pipeline for violations of federal safety regulations that the agency says worsened the impact of last year's ransomware attack.
The $986,400 penalty stems from the regulator's inspection of the pipeline operator's control room management (CRM) procedures, conducted from January through November 2020.
The PHMSA said that "a probable failure to adequately plan and prepare for manual shutdown and restart of its pipeline system [...] contributed to the national impacts when the pipeline remained out of service after the May 2021 cyberattack."
Colonial Pipeline, operator of the largest U.S. fuel pipeline, was forced to temporarily take its systems offline in the wake of a DarkSide ransomware attack in early May 2021, disrupting gas supply and prompting a regional emergency declaration across 17 states.
The incident also saw the company shelling out $4.4 million in ransom to the cybercrime syndicate to regain access to its computer network, although the U.S. government managed to recover a significant chunk of the digital funds paid.
"The pipeline shutdown impacted numerous refineries' ability to move refined product, and supply shortages created wide-spread societal impacts long after the restart," PHMSA said in a Notice of Probable Violation and Proposed Compliance Order.
"Colonial Pipeline's ad-hoc approach toward consideration of a 'manual restart' created the potential for increased risks to the pipeline's integrity as well as additional delays in restart, exacerbating the supply issues and societal impacts."
Update: "This notice is the first step in a multi-step regulatory process and we look forward to engaging with PHMSA to resolve these matters," a spokesperson for Colonial Pipeline told The Hacker News, adding that its "incident command structure facilitates a deliberate approach when responding to events."
"As the 2021 cybersecurity incident demonstrated, Colonial's approach to operating manually gives us the flexibility and structure necessary to ensure continued safe operations as we adapt to unplanned events."
"Our coordination with government stakeholders was timely, efficient and effective as evidenced by our ability to quickly restart the pipeline in a safe manner five days after we were attacked — which followed localized manual operations conducted before the official restart."