Federal transportation regulators moved on Tuesday to take a second step toward alleviating the fuel squeeze caused by computer hackers’ attack on Colonial Pipeline Co., announcing that it had eased highway weight limits for truck loads of gasoline and other fuels.
Petroleum products have been blocked from flowing through a major pipeline connecting Gulf Coast refineries to Eastern seaboard markets since Friday, when a cyber intruders installed ransomeware on the Atlanta-based company’s computers.
The government on Sunday lifted hours of service (HoS) rules for truck drivers transporting gasoline, diesel, and jet fuel. And now the U.S. Department of Transportation has announced additional help for states in areas affected by the cyberattack.
The new policy permits trucks to carry extra weight while running on the Interstate Highway System and other Federal highways, although each state must continue to follow its own procedures for issuance of special permits authorizing the loads. That extra flexibility applies to the same 10 states covered under the Federal Motor Carrier Safety Administration (FMCSA)’s May 9 emergency declaration: Alabama, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, North Carolina, Tennessee, and Virginia.
In a statement Tuesday night, Colonial Pipeline said it was continuing its own efforts to reopen the 5,500-mile pipeline, manually opening additional secondary lines to prioritize its response to “markets experiencing supply constraints and/ or not serviced by other fuel delivery systems.” The company has also increased its physical security, boosting aerial patrols of its pipeline right-of-way and deploying more than 50 personnel to walk and drive some 5,000 miles of pipeline each day.
“Since our pipeline system was taken offline, working with our shippers, Colonial has delivered approximately 967,000 barrels (ca. 41 million gallons) to various delivery points along our system. This includes delivery into the following markets: Atlanta, Ga., Belton and Spartanburg, S.C., Charlotte and Greensboro, N.C., Baltimore, Md., and Woodbury and Linden N.J.,” the company said.
While FMCSA’s actions are helping to provide an immediate workaround to the blockage, long-term solutions should also include the approval of additional pipelines, according to a pair of Republican Congressmen.
“Fortunately, we have robust trucking and freight rail networks that can help take up some of the slack if needed. We commend the Federal Motor Carrier Safety Administration for granting an hours-of-service exemption for truckers in this case,” Transportation and Infrastructure Committee Ranking Member Sam Graves (R-MO) and Railroads, Pipelines, and Hazardous Materials Subcommittee Ranking Member Rick Crawford (R-AR), said in a joint statement. “However, that’s not a solution to our capacity needs, and we cannot continue to limit our pipeline system’s capacity, as was the case with the Keystone XL pipeline, or these types of incidents will only pose more severe consequences in the future.”
However, an information technology (IT) industry group said a key part of the problem is weak IT asset management of computing devices and software, and warned that additional high-profile infrastructure attacks are likely to follow.
“Until the operators of public water systems, energy pipelines, nuclear power plants, bridges, tunnels, airports, and other key infrastructure elements get serious about thorough and tough-minded IT Asset Management, we are going to see more and more ransomware attacks like the one on the Colonial Pipeline,” the International Association of IT Asset Managers (IAITAM) said in a release.
In fact, recent months have already shown similar attacks on a major dam site, a city water supply, hospitals, municipalities (including police and fire services), and electrical utilities, the group said.
“The problem here comes down to one central reality: If you are not managing your assets, you’re not managing your business … and you can’t secure what you don’t know you have,” IAITAM President and CEO Barbara Rembiesa said in a release. “Old and new infrastructure projects tend to be big and, as with a pipeline, may cover a huge amount of the country. When most people think about ‘security’ in such cases, they tend to think about the physical, low-tech side of things. But, increasingly, it is the cyber and high-tech side of things that leaves infrastructure projects wide open.”
