Ransomware Attack Causes Fuel Shortage
The Southeast has been hit especially hard.
Last week’s cyberattack on a key fuel distribution network has led to critical shortages, emergency orders, and general panic. WaPo (“Fuel shortages crop up in Southeast, gas prices climb after pipeline hack“) reports:
Lines of panicked drivers overwhelmed gas stations in the Southeast on Tuesday, as rising prices fed fears of shortages in the aftermath of a ransomware attack that forced the nation’s largest fuel pipeline offline.
[…]
In Washington, Energy Secretary Jennifer Granholm said the Southeast can expect a “crunch” that will take several days to alleviate.
“We have gasoline,” she said during a White House briefing. “We just have to get it to the right places. And that’s why I think the next couple of days will be challenging.”
My home state of Virginia is among those feeling the crunch and the governor has issued an emergency order. I needed to fill up on the way to work yesterday morning and my usual gas station was roped off; I attributed this to routine maintenance. Fortunately, I was able to fill up without incident elsewhere.
She said Colonial Pipeline officials had told her that a decision on a “full restart” could come as soon as Wednesday evening.
The Colonial Pipeline system, which moves about 45 percent of the East Coast’s fuel, shut down Friday after hackers thought to be based in the former Soviet Union infiltrated servers and encrypted its data, demanding a fee to restore access. Homeland Security Secretary Alejandro Mayorkas, who was at the White House briefing, said American organizations have lost more than $350 million this year as a result of ransomware attacks.
“The threat is not imminent,” he said. “It is upon us.”
One might question whether it’s wise to have that much control in the hands of a single private entity but it may well be a natural monopoly. Clearly, though, they’re not doing enough to invest in security. (In fairness, they’re likely far more competent in this regard than the Federal government, whose IT is legendarily bad.)
Now consumers are seeing some of the fallout as Colonial pushes to resume service by the end of the week.
As of Tuesday, governors in North Carolina, Georgia and Virginia had declared states of emergency and taken steps to relax fuel transport rules to ease pain at the pump.
More than 7 percent of gas stations in Virginia, 8 percent in North Carolina and 5 percent in Georgia were without fuel late Tuesday afternoon, according to Patrick De Haan, an oil analyst at Gas Buddy. A number of stations in Florida, Alabama and South Carolina also reported dry pumps.
So far, so good. One wouldn’t think a shutdown on Friday would have this drastic an impact this quickly. Rather clearly, most of our service stations are operating on a just-in-time delivery construct. Which is probably quite efficient until it isn’t.
Here’s where logic fails, however:
De Haan said fuel demand in these states spiked 40 percent on Monday, and cautioned against panic-buying, which will only exacerbate the shortages. “It is vital that motorists do not overwhelm the system by filling their tanks,” De Haan said in analysis.
The owner of Masonboro Country Store in Wilmington, Musa Agil, said lines began forming just after 6 a.m. and had not abated all day, blocking the flow of traffic on two-lane Masonboro Loop Road. He spent the day “managing traffic and trying to keep the peace” as some motorists cut lines and others filled up a dozen tanks and jugs.
By 3 p.m. Agil was down to his last 200 gallons and told the packed parking lot that he would soon have to shut down. “Some people are selfish, taking more gas than they need,” he said. “But most people are just scared.”
Granholm said there is “no cause for hoarding gasoline” because the pipeline will be “substantially” back online by the weekend. But local news outlets from Florida to North Carolina reported long lines and dry pumps.
The national average for a gallon of gasoline stood at $2.98 on Tuesday, according to AAA. That’s an 8-cent jump on the week, and a penny shy of prices not seen since November 2014.
Granholm had a warning for service station operators: “We will have no tolerance for price-gouging,” she said, and she urged consumers to inform their state attorney general’s office if they suspect it is taking place.
So, sure, some people are just assholes acting without concern for others. But, for example, I filled up my tank yesterday, having no idea that there was a shortage, simply because it’s just my natural routine. Thankfully, it’s been a long time since I couldn’t afford all 15 gallons at once. And even those people filling up their tank and a bunch of gas cans may well have a legitimate reason for doing so. Maybe they own a lawn service company. Maybe they’re on or about to embark on a long trip they can’t avoid and don’t want to get stranded. Who the hell knows?
And, while I understand the argument against price gouging (it has a disparate impact on the poor) raising prices is the natural and efficient economic response to a supply shortfall. Otherwise, station owners will quickly run out of fuel. That’s bad for them and their employees. But it’s also bad for those who actually need the gas enough to pay an extra 50 cents or dollar a gallon. A temporary price hike will discourage panic buying and hoarding, reallocating the gas to those who need it most.
“So far, so good. One wouldn’t think a shutdown on Friday would have this drastic an impact this quickly. Rather clearly, most of our service stations are operating on a just-in-time delivery construct. Which is probably quite efficient until it isn’t.”
In my father’s gas station (1970’s), the tanks held a bit over one week’s supply (9 days. Assuming that, it would be 9 days or less until the system was completely empty. Call it 10% of stations each day, after a couple of days.
Then the panic starts, and everybody goes to get filled up, shifting 2-3 days of supply into their cars.
Biden joke of the day:
Pessimus: Ah, Joe, if you’d only kissed Putin’s ass, you wouldn’t have to worry about cyberattacks.
Biden: Ah, Pessimus, if you only had implemented security against cyberattacks, you wouldn’t have to kiss Putin’s ass.
H/t Diogenes.
“Remaining silent emboldens the liar. I will not participate in that.
“Those who refuse to accept the rulings of our courts are at war with the Constitution. Our duty is clear. Every one of us, who has sworn the oath must act to prevent the unraveling of our democracy. This is not about policy. This is not about partisanship. This is about our duty as Americans.” -Rep. Liz Cheney
https://www.politico.com/news/2021/05/11/liz-cheney-trump-truth-republicans-487324
Cheney is right, of course. Continuing to show loyalty toward Trump as he continues to espouse the Big Lie above the 2020 election is going to hurt the party in the long run and it is incredibly bad for the nation as a whole.
Sadly she’s going to lose her leadership position for declining to buy into the Big Lie.
This happens all the time with gas shortage. We had a temporary one here in Texas a couple of years back. Lasted one week. Happened in the 70s when I was commuting to college. Ended up riding a bicycle 15 miles each way for a couple of days. That’s when locked gas caps came into being. Basically gasoline storage goes from gas station tank to rolling automobile tanks.
There are mutterings in the data security world that since business too often doesn’t take data and network security seriously, that the business managers should face criminal sanctions for poor data security practices. Not sure how that would work, but it should get the attention of the businesses.
It begs the question though, is data security even achievable when so many breeches are the result of some moronic employee, following a link or downloading some corrupt file.
“drastic an impact this quickly.” Well, this has happened before. Just whispering ” gas shortage” and people hit the road to fill up. I am surprised that many places are letting people fill gas cans, even buckets. Hopefully common sense and reason will take hold soon.
Prices started changing even before gas was short. That happens also. Several years ago a hurricane was headed toward the Gulf. Prices doubled in a few hours, to $4/gallon. The hurricane veered off and did no harm. In a few days the supply got back to near normal and the prices went down; some. The governor promised a big investigation and consequences for the gouging. But it came to nothing.
The news should not mention shortages on gas, or anything (paper towels).
I will not go into my usual presentation about the gas shortage hoax of ’73, with long lines and the price soaring.
“Once they doubled the price, the shortage disappeared”
“Every time some middle east potentate sneezes, the price of gas goes up”
Nixon promised to investigate the “big oil companies”.
Watch “Gashole”
@Sleeping Dog: “It begs the question though, is data security even achievable when so many breeches are the result of some moronic employee, following a link or downloading some corrupt file.”
I’ve been in a number of businesses where we deal with many outside companies; if clicking on a link or downloading a file can trash the company, then IT security is relying on perfection.
@Sleeping Dog:
The phishing techniques can be sophisticated enough that nearly anyone can fall for them, at least occasionally.
So, maybe you need to minimize the opportunities and the blast radius. Does every employee need to be able to get email from outside the company? Does the critical system have to live on the same network as the employee laptops?
I work somewhere where we have to log in to some systems through a Citrix workstation — it’s inconvenient, but it isolates them from our laptops pretty well. If these were the critical systems, and we weren’t connecting to a Windows 2008 box, it would even make sense.
I have five gallons of gas for my generator that I bought pre-crisis. I’m rich!
Raising prices can have the opposite effect by adding to the sense of panic. IMO the advantage lays mainly in prompting people to use less, if possible, and for most people it is possible to use less. They will still want to hoard though, worried the prices may go higher still.
I suspect these ransomers have made a huge mistake. This stunt stands to make them priority one for CIA, NSA, and corresponding outfits in other countries around the globe. Serious attention from a lot of serious people, and they all really really really want to be the one who bags ya.
Lotsa luck, s-bags.
@Gustopher:
Yeah, but think of all the money saved by not investing in modern systems when the dinosaurs work adequately. Maybe criminalizing management stupidity isn’t such a bad idea.
There was a ransom hack that made the news. Then the news media, needing a clickbait story, hyped that to create a “gas” run. Maybe a few high volume station got low due to a tanker glitch. The Colonial Pipeline has a huge storage farm in Atlanta. An unknown commenter mentioned that the hack was in the billing/accounting software so the glitch is that the company can’t do billing not can’t move product if that is true.
Fixed it for you.
@JKB: I mean, it might be accurate, and yet I shake my head at how you put more weight on the testimony of an “unknown commenter” than on news media.
Obviously, news media don’t always get it right, either. However, “anonymous internet commenter” can easily have a disinformation agenda. At this point, any comment I read from a person I don’t already know – who has a history with me on the internet at least – is simply not taken seriously on its own. It might be something worth checking out, but if it contradicts other sources, it loses. I don’t like being played, and that’s what “anonymous internet commenter” is often trying to do.
And yeah, maybe there are lots of tanks in Atlanta. But do you think that Colonial Pipeline is going to give gasoline away for free? Which is what it would be doing if it can’t bill. If it can’t bill, my bet is it also can’t measure or store. Yeah, pipes work without computers and so do pumps. But do companies give their product away for free? What’s their margin? How many weeks of free gas eats up their profit for the entire year? My guess is not very many.
A friend of mine posted on Facebook a photo taken at a gasoline station in Athens, GA. A man was filling up plastic 5-gallon jerricans. His wife was standing by the open hatch of their SUV, where three filled cans were clearly visible. They could have a real blast.
I’m one of the gasholes who fills up my tank every time I go to the station–shortage or not. That being said, my car journal shows that I used to fill up every 2-3 weeks, but since Covid-19, that’s changed to every 4-6 weeks. One time recently, I almost ran completely out of gas–the gauge had turned off, replaced by a message that read “TANK EMPTY.” That particular fill up took 8.1 gallons of gas. But I do remember rationing and buying only 5 gallons at a time for a ~22 gallon tank in a car that got 15 mpg on the freeway (because it had the SMALL V-8 engine). Not fun times.
I saw headlines, but did not read the articles, in aviation blogs to the effect that some flights are making refueling stops, and others were subbed with wide bodies. Some rumors that wide bodies loaded full of fuel are flying to the affected area and part of their excess fuel is used for other flights, with or without refueling stops.
@Barry: “I’ve been in a number of businesses where we deal with many outside companies; if clicking on a link or downloading a file can trash the company, then IT security is relying on perfection.”
One company switched from their internal HR website to an external site, run by an obscure company. No warning – click on the internal company HR site, and get redirected to ObscuroCorp.
And at a lot of companies, you might receive many e-mails from outside sources every day.
The ‘don’t click on links/open an attachment’ idea, these days, is like urging somebody in the receiving department to carefully check the fonts on the labels of incoming boxes.
@JKB:
Screw you.
I have alot of friends in Atlanta who can’t get gas. One of them is a pediatric nurse who does home visits to poor families with Children in need of Medical attention.
That’s her job.
Which can’t do.
Because of a gas shortage.
She can’t get gas to fill her tank.
That’s a real world problem that you cavalierly dismiss.
Screw you.
@SC_Birdflyte: I remember some stores would not allow people to fill gas cans in a shortage.
If people would stick to 10-15 gallon purchases, there would not be a problem.
@EddieInCA:
Having fuel in a tank farm simply means that there is a supply to flow when the time comes, or they can start putting it in trucks. But that doesn’t alter the retail shortage as the media driven panic has drained the stations. It will take time for the trucks to resupply them. Few of these stations would pay more for earlier deliveries even if that was an option. The system’s been glitched with a “bank run” and it will take time to refill the distribution network.
At least on refinery will have to restart after having shut down since they couldn’t ship product. That likely means they have full storage tanks, but need their slot in the pipeline.
We have a tight system. It’s been more than a decade, but the system is so tight that fog for 3+ days in the Houston Ship Channel, slowing the tankers reaching the refineries, would cause gas prices to go up 10 cents a gallon due to supply shortages
@JKB: OK Troll, have a biscuit….
Citation? More lies?
@JKB: The power of J-I-T…..
Social media driven panics have been causing massive problems for JIT lately. Companies love JIT because it saves money but it’s vulnerable to panics…
@JohnMcC: It’s true google “Just-In-Time logistics” and you’ll see how tight things really are.