By Cathy Bussewitz and Eric Tucker

Associated Press

WASHINGTON — The nation’s largest fuel pipeline is flowing again after the company that runs it was hit by a gang of hackers. But long lines remain at gas stations throughout the Southeast. That’s because drivers are buying more gasoline than they need, draining supplies at filling stations. Plus, there are logistical hurdles slowing fuel deliveries from the Colonial Pipeline.

The incident was one of a series of wake-up calls about the growing threat hackers pose to the nation’s critical infrastructure. Ransomware attacks, where hackers demand large sums of money to decrypt stolen data or to prevent it from being leaked online, have hit thousands of businesses and hundreds of health care centers in the U.S. in the past year.

Questions remain about the next steps.

When will fuel supplies get back to normal?

Colonial restarted its pipeline late Wednesday, which means fuel is now running between refineries in Houston and Southeast states. But it will take a few days or weeks for everything to get back to normal.

Gas stations in the Southeast should be open for business and well supplied next week, but only if the pipeline operates as planned and consumers stop hoarding fuel, said Richard Joswick, global head of oil analytics at S&P Global Platts. When the panic passes, people will have full tanks and demand will drop, but “people have to be convinced that they don’t have to panic buy,” Joswick said.

There’s also the matter of getting fuel from the pipeline to the pumps.

One of the main pipeline arteries from Houston to North Carolina moves different grades of gasoline, sending a batch of premium grade followed by regular, Joswick explained.

Another artery transports diesel, jet and home-heating fuel. Trucks deliver fuel at different points along the way, but with a national trucker shortage, it isn’t easy for trucks to pick up the slack.

What happens next to Colonial Pipeline?

After the dust has settled, Congress is likely to call hearings to question Colonial Pipeline executives and cybersecurity experts. An outside audit of Colonial’s information management practices three years ago found glaring problems.

The chairman of the Federal Energy Regulatory Commission, Richard Glick, said the government should create and enforce mandatory pipeline-security standards. And members of the House Energy Committee re-introduced bills this week aiming to strengthen the Department of Energy’s ability to respond to cybersecurity threats.

Some might want regulators to ease permitting procedures so that more pipelines can be built, to boost reliability of supply. But there may be reluctance to facilitate building alternate pipeline routes, since President Joe Biden has made it clear that he wants to transition away from fossil fuels as quickly as possible.

 

What is the Biden administration doing?

There’s been a lot of activity in the last month aimed at strengthening the country’s cyber-defenses, most notably an executive order signed by Biden on Wednesday that would require all federal agencies to use basic cybersecurity measures and mandate new security standards for software makers that contract with the federal government.

The order also establishes a cybersecurity safety review board, creates a pilot program rating system to evaluate the security of software and establishes what officials say will be a standardized playbook for cyber responses.

The executive order is meant to fix what a senior administration official on Wednesday described as a “laissez faire” approach to cybersecurity. It is also intended to address some of the vulnerabilities exposed by recent major breaches, including the SolarWinds intrusion in which Russian hackers compromised federal agencies by targeting the software supply chain.

The Justice Department, meanwhile, has created a task force with the FBI to deal with ransomware, and the administration says it is taking steps to protect critical industries like the energy sector.

 

Who was responsible for the hack?

The FBI has linked the ransomware to a Russian-speaking criminal syndicate known as DarkSide that has been on investigators’ radar for months.

Biden said Thursday said that the administration does not believe the Russian government was involved in the attack but that “we do have strong reason to believe that the criminals who did the attack are living in Russia. That’s where it came from.” He said the administration has been in touch with Moscow about the need to take action against ransomware operators.

“And we’re also going to pursue a measure to disrupt their ability to operate,” he added.