Colonial pipeline outage in the United States underscores risks to energy supplies

Ransomware attack on pipeline that provides nearly half of fuel consumed in Eastern US shows need for stronger cyber security measures to protect supply systems

One and a half months after the Suez Canal disruption, a cyber ransom attack on the world’s largest oil pipeline system has highlighted the growing range of risks to energy supply.

The energy security risks from disruption to the Colonial pipeline are potentially more significant for the markets it serves than March’s shutdown of the Suez Canal. That pipeline supplies 40-45% of the fuel consumed in the Eastern United States, a region with little oil production of its own, a small and declining refining sector, and gasoline inventories covering just 20 days of demand.

This situation underlines how digitalisation and automation of energy systems are increasing the scope for cyberattacks. Policymakers, regulators and industry must address these potential hazards, which are set to grow as the shift to cleaner power is accompanied by an expansion of connected devices and digitalized smart networks.

The IEA’s recent work has highlighted the cyber-security risks to critical energy infrastructure, and while electricity grids are thought to be most vulnerable to intentional disruptions given their lack of storage, the Colonial pipeline incident underscores the broader scope of these threats.

Episodic fuel shortages and rationing have been reported in several locations since the pipeline’s shutdown on 7 May. The disruption comes just two weeks before the Memorial Day weekend kick-off of the US summer driving season and just as road fuel demand is recovering.

The pipeline serves 17 states stretching along the Atlantic Coast from Maine to Florida, with a combined population of more than 120 million, or almost 40% of the country’s total. The region accounts for 30% of total US oil demand, according to the US Energy Information Administration. On its own, it would be the world’s third largest oil consumer, after China and the rest of the US, with oil demand normally amounting to 5-6 million barrels per day (mb/d).

The United States is divided into five so called PADD regions, and the PADD 1 Atlantic seaboard served by the Colonial pipeline relies on the rest of the US and overseas to cover almost 80% of its oil product needs. PADD 3 (Gulf Coast) is its largest supplier, sending about 3.2 mb/d of products on average, including 2 mb/d of gasoline and 1.2 mb/d of middle distillates (diesel and kerosene). Demand for transhipment on the Colonial pipeline, which stretches 9,000 kilometers from Houston to New York and transmits 2.7 mb/d, can exceed available space at peak season. The smaller Plantation pipeline ships around 0.7 mb/d of products from Baton Rouge to Washington, DC.

While the United States may be the world’s largest oil producing nation, there’s little production in the US Atlantic Seaboard. Since the financial crisis in 2008, refinery capacity in PADD 1 has halved to just 800 kb/d and even at full utilisation rates, the regional refiners can only provide for less than 15% of local demand for gasoline and diesel. As a result, if considered on its own, PADD 1 is the largest net importer of refined products in the world, ahead of all of Africa and the Southern Asia Pacific (Australia, Indonesia, Singapore and New Zealand combined).

PADD 1 product supply by source, 2020


In general, during oil supply disruptions commercial or strategic oil inventories can be used to cover short-term deficits. PADD 1 gasoline inventories as of April 30th stood at 64 mb, or about 20 days of normal demand cover. Distillate fuel inventories could cover more than one month of demand. Past pipeline outages have resulted in air traffic disruption in PADD 1 because the region imports 80% of jet fuel supply from PADD 3, and inventories have generally covered less than two weeks of forward demand. But with air travel depressed by Covid-19 travel restrictions, this time around the supply of road fuel is more of a concern even as flights have already been diverted due to jet kerosene shortages at regional airports.

Shifting quickly to other suppliers isn’t so simple. Barge and tanker shipments of products are limited to some 800,000 barrels a day to the southern regions of PADD 1, and tankers arriving from other U.S. ports need to be compatible with the Jones Act, which restricts domestic shipments to US flagged ships and is responsible for increasing shipping costs. Seaborne shipments from Europe would take at least 10 days to arrive, and anyway European volumes cannot fully substitute for pipeline flows.

The two pipelines out of the Gulf Coast are not only a lifeline for East Coast consumers, they are also an important outlet for Gulf Coast refiners, accounting for 25-30% of their output. What starts as a flow disruption may turn into an actual supply disruption if affected refiners cut back on production rates to avoid stock build ups. Indeed, several Gulf Coast refiners have already reported cutting refinery runs due to the inability to ship products on the Colonial system.

This episode underlines that energy systems have to become more cyber resilient – to withstand, adapt to and rapidly recover from incidents and attacks, while preserving the continuity of critical infrastructure operations. There are a number of different approaches that governments can take to enhance cyber resilience, ranging from highly prescriptive approaches to framework-oriented, performance-based approaches. But they need to act, and companies need to respond. This time it was an oil pipeline, but the potential vulnerabilities stretch across the entire energy sector.