What We Know About the Colonial Pipeline Cyberattack

That gave them an enormous competitive advantage over the East Coast refineries that imported oil from abroad or by rail from North Dakota once the shale boom there took off. As the local refineries shut their doors, the Colonial Pipeline became increasingly important as a conduit from Texas and Louisiana refineries.

The Midwest has its own pipelines from the Gulf Coast, but while the East Coast closed refineries, the Midwest has opened a few new plants and expanded others to process Canadian oil, much from the Alberta oil sands, over the last 20 years. California and the Pacific Northwest have sufficient refineries to process crude produced in California and Alaska, as well as South America.

How serious is the immediate problem?

Not very. The Northeast supply system is flexible and resilient.

Many hurricanes have damaged pipelines and refineries on the Gulf Coast in the past, and the East Coast was able to manage. The federal government stores millions of gallons of crude oil and refined products for emergencies. Refineries can import oil from Europe, Canada and South America, although trans-Atlantic cargo can take as much as two weeks to arrive.

When Hurricane Harvey hit Texas in 2017, damaging refineries, Colonial Pipeline shipments to the Northeast were suspended for nearly two weeks. Gasoline prices at New York Harbor quickly climbed more than 25 percent, and the added costs were passed on to motorists. Prices took over a month to return to previous levels.

What is the larger threat?

The hacking of a major pipeline, while not a major problem for motorists, is a sign of the times. Criminal groups and even nations can threaten power lines, personal information and even banks.

The group responsible for the pipeline attack, DarkSide, typically locks up its victims’ data using encryption, and threatens to release the data unless a ransom is paid. Colonial Pipeline has not said whether it has paid or intends to pay a ransom.

“The unfortunate truth is that infrastructure today is so vulnerable that just about anyone who wants to get in can get in,” said Dan Schiappa, chief product officer of Sophos, a British security software and hardware company. “Infrastructure is an easy — and lucrative — target for attackers.”