The Colonial Pipeline system, which supplies nearly half the fuel consumed along the Eastern Seaboard, resumed full operations this weekend after a ransomware attack eight days earlier. Following days of higher pump prices, panic buying, and gas stations running out of fuel, the system is beginning to return to normal. But the lasting significance of Colonial Pipeline’s outage—the largest attack on the U.S. energy system in history—needs to be recognized. History will repeat itself with potentially far more severe consequences unless key lessons from the Colonial Pipeline attack are learned to boost the energy system’s resilience in the face of rising risks from cyberattacks and severe weather.
Colonial is one of the nation’s most critical fuel arteries, moving around 2.5 million barrels per day of gasoline, diesel, and jet fuel from Houston to New York, with branches serving southern states along the Atlantic Coast. As numerous economically struggling refineries shuttered along the East Coast in the past two decades, the entire region became even more dependent on Colonial for fuel.
On May 7, Colonial Pipeline shut down its pipeline as a precaution following a ransomware attack by a criminal group called DarkSide, which hacks into computer systems to hold data hostage until the victim pays a ransom. In response, gasoline prices surged in several southeastern states, and many stations ran out of fuel as people rushed to fill up their tanks. In Georgia and South Carolina, for example, the price of regular gasoline was up 8 percent this past weekend, and roughly half the stations reported having no gasoline. By Friday, the shortages had spread north; almost 90 percent of stations in Washington had “no gas” signs up. It was reported that Colonial Pipeline paid a $5 million ransom to DarkSide to unlock its system and began to restart operations several days later.
Advocates predictably used the crisis to push particular agendas. The CEO of the American Petroleum Institute criticized decisions to shut down a pipeline in Michigan that supplies consumers in Michigan and Ontario, Canada and a pipeline carrying oil from North Dakota to Midwest refineries—even though neither had anything to do with supplying fuel from Gulf Coast refineries to states dependent on the Colonial system. Meanwhile, advocates of electric cars noted fuel shortages do not affect electric vehicle owners—even though the power grid is at least as vulnerable to cyberattacks as pipelines.
There are key lessons to learn from the Colonial outage, but it’s important to cut through the rhetoric and learn the right ones. Moreover, with shortages easing, policymakers need to resist becoming complacent and simply moving on to the next crisis. Three lessons are particularly worth heeding to reduce the likelihood and impact of a future energy supply disruption like the one the United States just witnessed.
First and perhaps most obvious: The Colonial attack is a reminder of well-known cybersecurity risks to the energy system. Saudi Aramco, for example, suffered a significant cyberattack, likely perpetrated by Iran, in 2012, which forced the world’s largest oil company to shut down 30,000 computers and operate with typewriters and fax machines. In the United States, a 2018 cyberattack compromised the data systems of four natural gas pipeline operations. Moreover, cybersecurity risks to oil and gas may well rise not only as attackers become increasingly sophisticated but as the industry increasingly turns to tools of artificial intelligence and digitalization to increase production and reduce costs.
Driving an electric car in the Southeast may have provided peace of mind this time but does not insulate drivers from the risk of cyberattacks. Indeed, the electricity system faces significant and perhaps even greater cyber vulnerabilities. The FBI and U.S. Department of Homeland Security, in a highly unusual March 2018 report, publicly called out Russia for hacking the U.S. power grid and gaining access to critical controls that enabled them to cut off electricity. Although a cyberattack has not yet caused a widespread blackout, the risks can be seen in Ukraine, where Russian attackers shut down large portions of the grid in 2015 and again in 2016.
Moreover, the risk of cyberattacks may well rise as a decarbonized energy system becomes increasingly electrified, digitalized, and interconnected, as Amy Myers Jaffe wrote in her new book, Energy’s Digital Future: Harnessing Innovation for American Resilience and National Security. Moving away from fossil fuels means many energy uses, such as powering cars and heating homes, will increasingly depend on electricity, of which a growing share will be from renewable or other zero-carbon sources. A more electrified and efficient energy system, in turn, will involve more digital devices, from household appliances to self-driving cars, connected through smart grids and the “internet of things”—all of which expose the energy system to greater cyberthreats unless adequately projected. This past week, the chief economist of the International Energy Agency warned that because electricity is harder to store than fuel, an attack on the power grid in a world of electric vehicles would cause “an epic scale disruption with major social and economic implications.”
The U.S. government’s ability to protect against cyberattacks is constrained, however, because most of the country’s energy infrastructure is in private hands. The government can require some parts of the energy system, such as the high-voltage power grid and nuclear reactors, to adopt certain cybersecurity standards, but not others, such as oil and gas pipelines. Voluntary action is insufficient, however. As Colonial Pipeline demonstrated, the costs to the economy when a piece of critical infrastructure goes down are far higher than the costs to the particular company that owns it, so firm’s incentive to prevent it is inadequate relative to potential harm. That is a problem U.S. Congress should remedy by allowing federal agencies to set minimum cybersecurity standards for critical energy infrastructure.
The attack also hinted at how the United States’ own cyber capabilities may be used for deterrence. U.S. President Joe Biden pledged the government would “disrupt” DarkSide’s ability to operate. Shortly thereafter, the group’s website went offline, and it reportedly lost access to some of its funds. It then announced it was shutting down because of pressure from Washington. Whether DarkSide actually shut down because of anything the administration did remains unclear, but it would not be surprising if the federal government had reacted to deter other attacks on critical energy infrastructure, just as offensive cyber capabilities are a tool to deter state actors from attacking the United States.
Second, the attack demonstrates that energy security comes from being more—not less—interconnected. A half-century of calls for “energy independence” since the 1970s Arab oil embargo have too often taken the form of isolationism. House Republican Leader Rep. Kevin McCarthy, for example, argued the Colonial outage showed why the United States needed to produce more oil at home—even though the United States was a net oil exporter last month.
In reality, resilience comes from optionality and interdependence. The New York region was far less affected by the Colonial shutdown than the Southeast because it is more integrated into a fuel network with a more diversified set of port facilities, storage tanks, and other pipelines—and thus has more options to pull fuel supplies into the region from other refineries and from overseas when needed.
This energy security lesson can be seen again and again around the world. When Hurricanes Rita and Katrina disrupted much of the Gulf Coast’s vast production and refining capacity in 2005, fuel shortages were averted by the ability to import supplies quickly from the global market. In Europe, increased energy security has come not from reducing Russian gas imports—indeed, European imports have consistently risen—but rather from implementing regulatory and infrastructure reforms that make the European market more integrated, promote competition, and create more pipeline reversal and interconnection capability. Bigger storage facilities and extra capacity to import liquefied natural gas makes Europe less vulnerable to supply disruption as well. During the Texas power crisis earlier this year, those parts of the state with grids connected to neighboring states fared better than the rest of Texas, which was served by an isolated electricity grid and transmission system.
Of course, building more interconnections and redundancy comes at a cost. The U.S. Southeast would be more energy secure if it were served by multiple pipeline systems rather than one or if its ports had the capacity and terminals the New York region has, but such investments would be expensive relative to how often they would likely be used. So the question is how much of an insurance premium people want to pay to guard against disruption. In any case, a policy that allows for free trade and competition in energy boosts energy security by maximizing optionality and system versatility.
Third, governments need to boost critical energy infrastructure’s resilience to increased risks it will face going forward, not just those it has faced in the past. The Biden administration took key actions to ease fuel shortages—temporarily easing air quality rules to allow the use of different fuel blends, rules limiting the hours truckers can work to deliver more fuel supplies, and restrictions on delivering fuel from the Gulf Coast on non-U.S. vessels—but the reality is the government had few tools at its disposal. (Although psychology matters too. Panic buying and price increases may have been more muted if the government had sent clear signals that it stood ready to intervene.)
Energy is the lifeblood of the economy. When pipelines shut down, the lights go out, or natural gas wells freeze up, the economy grinds to a halt and people lose access to mobility, heat, and other life-saving services. Nearly 200 people died in the Texas blackouts earlier this year, mostly from the cold, failed medical devices, and a lack of medical care.
Moving forward, the U.S. government needs to add new tools to its toolkit to respond to fuel shortages, particularly as the risks to critical energy infrastructure rise from both cyber and natural threats. Cybersecurity risks will proliferate as the energy system becomes increasingly electrified, digitalized, automated, and internet-based. These risks may come from unfriendly nations or, in the case of Colonial Pipeline, criminals looking to make a buck. Indeed, Colonial’s decision to pay the hackers a $5 million ransom payment may be understandable from the company’s standpoint but surely increases the incentive for future criminals to pursue similar attacks against the United States’ vulnerable network of pipelines, transmission grids, or other energy infrastructure systems.
At the same time, the risk of hurricanes, floods, droughts, and wildfires is rising with the worsening impacts of climate change. These natural disasters pose grave threats to energy infrastructure too, as the New York region learned during Hurricane Sandy, which disrupted fuel supplies and electricity for weeks. Federal investments in infrastructure, such as Biden’s proposal in Congress now, need to be resilient to tomorrow’s climate disasters, not just rebuild in the same ways as in the past, as several scholars argued this past Friday in the New York Times.
When considering how much the government should invest in resilience—in effect, how much insurance to buy—worsening cybersecurity and climate change risks may alter previous calculations. In 2011 and again in 2015, the U.S. Energy Department analyzed whether to build a strategic reserve of gasoline and diesel in the Southeast to protect against fuel supply disruptions, particularly from a major hurricane hitting Gulf Coast refineries, which happened during Hurricanes Katrina and Rita. Neither study was ever finalized, and there was significant disagreement within the Obama administration about whether the benefits of reduced gasoline price spikes justified the costs. Those cost-benefit analyses included certain assumptions about how likely major Gulf Coast hurricanes were to strike, yet those assumptions may well look different today given not only rising risks of severe weather from climate change but also rising cybersecurity threats as demonstrated by the Colonial attack. Although the Obama administration established a small gasoline reserve in the Northeast after Hurricane Sandy, the Biden administration should consider creating one in the Southeast as well.
The Biden administration has been in office barely 100 days and already faced two of the most severe energy crises in recent memory. These events highlight the fragility and vulnerability of the United States’ energy system. They demonstrate the breadth of infrastructure at risk—the electricity grid, oil and gas wells, and the country’s vast pipeline system. They underscore the diversity of risks posed, from cybersecurity to severe weather. And they should serve as a clarion call to the Biden administration, Congress, and private firms to move with greater urgency to bolster both the United States’ security of critical energy infrastructure and its resilience to inevitable disruptions. Energy is too important to all our lives and the economy to let this crisis go to waste.