U.S. Proposes $1 Million Fine on Colonial Pipeline for Safety Violations After Cyberattack

The U.S. Department of Transportation’s Pipeline and Hazardous
Materials Safety Administration (PHMSA) has proposed a penalty of
nearly $1 million to Colonial Pipeline for violating federal safety
regulations, worsening the impact of the ransomware attack last
year.

The $986,400 penalty is the result of an inspection conducted by
the regulator of the pipeline operator’s control room management
(CRM^[1]) procedures from January
through November 2020.

The PHMSA said^[2]
that “a probable failure to adequately plan and prepare for manual
shutdown and restart of its pipeline system […] contributed to
the national impacts when the pipeline remained out of service
after the May 2021 cyberattack.”

Colonial Pipeline, operator of the largest U.S. fuel pipeline,
was forced to temporarily take its systems offline in the wake of a
DarkSide ransomware attack^[3] in early May 2021,
disrupting gas supply and prompting a regional emergency declaration^[4] across 17 states.

The incident also saw the company shelling out $4.4 million in
ransom^[5] to the cybercrime
syndicate to regain access to its computer network, although the
U.S. government managed to recover a significant chunk^[6] of the digital funds
paid.

“The pipeline shutdown impacted numerous refineries’ ability to
move refined product, and supply shortages created wide-spread
societal impacts long after the restart,” PHMSA said in a Notice of
Probable Violation and Proposed Compliance Order.

“Colonial Pipeline’s ad-hoc approach toward consideration of a
‘manual restart’ created the potential for increased risks to the
pipeline’s integrity as well as additional delays in restart,
exacerbating the supply issues and societal impacts.”