The Colonial Pipeline, which had been offline since late last week due to a cyberattack that sparked worries of fuel shortages, started coming back online Wednesday evening, its operator said.
The restart began around 5 p.m. EDT, though the process to return the pipeline to normal operations will take “several days,” the company said.
Closure of full use of the pipeline touched off debates in Congress over cybersecurity and led to confusion over which federal agency is primarily responsible to address hacks against public works projects like pipelines. Biden administration officials used the breach as an example of the need to shore up defenses against the hacking of energy hardware.
“It certainly is a reminder that we need to take a hard look at how we need to harden our necessary infrastructure, and that includes cyber threats,” Energy Secretary Jennifer Granholm said Tuesday.
President Joe Biden issued an executive order Wednesday to update the federal government’s approach to cybersecurity. Among several steps, the order directs the heads of federal agencies to develop plans for cloud computing, calls for an assessment of federal information technology-contracting policies and moves to establish a “cyber safety” review board at the Department of Homeland Security.
Before Colonial announced the restart, Reps. Frank Pallone Jr., D-N.J., and Cathy McMorris Rodgers, R-Wash., the chairman and ranking member of the Energy and Commerce Committee, which has jurisdiction over pipelines, said Deputy Energy Secretary David Turk had briefed committee members on the hack.
“DOE is the right agency to be coordinating this government-wide effort,” they said in a joint statement, encouraging support of a bipartisan bill from Reps. Fred Upton, R-Mich., and Bobby L. Rush, D-Ill., to defend against cyberattacks.
“It would directly help DOE respond to physical and cyber threats to our pipeline and LNG facilities, like in the case of Colonial,” their statement about the bill said. “This attack and ongoing outage simply underscore the vulnerabilities we have highlighted, and how crucial it is that Congress act to enhance DOE’s cybersecurity authorities so that an incident like this does not happen again.”
Colonial first reported the hack to the FBI rather than the Cybersecurity and Infrastructure Security Agency that is charged with guarding against cyberattacks on equipment like pipelines, the head of the agency told the Senate on Tuesday. The FBI then notified CISA.
The FBI said a crime organization called DarkSide carried out the attack. Colonial shut down full operations Friday after learning of the attack, it announced Saturday. Arteries and offshoots of the main pipeline have remained running.
Transportation Secretary Pete Buttigieg on Wednesday characterized fuel shortages caused by the ransomware attack on the Colonial Pipeline system as evidence of the need for aggressive investment in the nation’s infrastructure.
Buttigieg said the attack was “a wake-up call” for the country to get serious about the systems that keep it running.
“We’ve now had, you could argue, two major wake-up call experiences, one in Texas, and now one here, each with a different cause but both reminding us about the work that we have to do as a country,” Buttigieg said, referring to power outages caused by unusually cold weather and haphazard preparation by electrical utilities triggered in Texas in February.
“The reality is that investing in world-class, modern and resilient infrastructure has always been central to ensuring our country’s economic security, our national security and as we’re seeing right now, that includes cybersecurity,” he said. “This is not an extra, this is not a luxury, this is not an option.”
Buttigieg made his comments at a White House briefing, appearing with EPA Administrator Michael Regan to emphasize administration moves to help states in areas the hack affected.
The Federal Motor Carrier Safety Administration this week issued an emergency declaration giving truck drivers making emergency fuel deliveries in affected areas relief from federal hours of service limits and certain other safety regulations.
Buttigieg said his department is also considering temporarily waiving the Jones Act, a law forbidding foreign-owned, operated or built ships from carrying goods between U.S. ports.
The waiver would apply to the shipping of transport fuel. The DOT’s Maritime Administration has initiated a survey of Jones Act-qualified vessels to determine which ships could carry petroleum products within the Gulf up the Eastern Seaboard to determine if a waiver is warranted.
The Federal Railroad Administration, meanwhile, is reaching out to rail operators to see if they can help transport fuel from ports inland.
Buttigieg, who has emerged as one of the top salesmen for Biden’s $2 trillion-plus infrastructure proposal, has been diverted from that role this week as his agency turned its focus to the fuel crisis. But speaking to reporters Wednesday, he made it clear that he views the two issues as linked.
“This is part of what we have in mind when we talk about resilience,” he said. “We need to make sure our infrastructure is resilient to climate security issues caused by the increased frequency and severity of weather events, but we also need to be sure that we are resilient in the face of cyber threats, and certainly the kinds of things that the [Biden infrastructure plan] will be funding and supporting.”