The Biden administration has issued a second waiver of U.S. shipping requirements as it seeks to get more fuel to the East Coast in the wake of the Colonial Pipeline shutdown that caused tanks and filling stations to run dry. The waiver, announced late Thursday night, gives an unnamed company a limited exemption from the 101-year-old Jones Act, which requires that goods transported between American ports be carried on domestically built and crewed ships. The Homeland Security Department did not provide any details about the recipient of the new waiver or how long it would be valid. A previous waiver was provided to Valero Energy Corp., according to two people familiar with the matter. The waivers are designed to address fuel shortages spurred by the cyberattack on Colonial Pipeline Co., which shut down a major artery for gasoline, diesel and jet fuel along the U.S. East Coast. Even with shipments having resumed Wednesday evening, it could take time for the network to return to normal.
Colonial Pipeline ramped up deliveries to fuel-starved markets up and down the East Coast on Friday following a nearly week-long outage caused by hackers, as Washington sought to reassure motorists that supplies would return to normal soon. The strike on the nation's largest fuel pipeline was most disruptive cyberattack on record, triggering days of widespread panic buying that led filling stations across the U.S. Southeast to run out of gasoline, and pushing pump prices to their highest in years. On Thursday about 70% of gas stations in North Carolina were without fuel, while around 50% of stations in Virginia, South Carolina and Georgia had outages, tracking firm GasBuddy said. The average national gasoline price, meanwhile, topped $3.00 a gallon, the highest since October 2014, the AAA said.
Wall Street Journal (subscription)
The outage of Colonial Pipeline, which carries 45% of the fuel consumed on the East Coast, is particularly ill-timed. “This is happening at the worst time heading into the summer and also to the most vulnerable area,” said Michael Tran, managing director for global energy strategy at RBC Capital Markets. The East Coast is the least energy-secure U.S. region because of the dearth of refineries there, he said. Traders were preparing for a rise in European fuel exports to the U.S.. Weekly Wednesday government updates on U.S. energy stockpiles, imports and exports will now be in even greater focus, analysts said. The cybersecurity recovery for the Colonial Pipeline could take a few more days, and possibly longer, said Marc Ayala, a director of industrial-control system security at consulting firm 1898 & Co., part of Burns & McDonnell in Houston. “Given the breadth of the unknowns, the discovery, containment, decontamination and remediation effort will be lengthy and likely result in a gradual return to operations,” Mr. Ayala said.
Usually, tanker trucks are the last element of oil’s long journey from refinery to fuel tank. Ships, rail lines, and pipelines do the bulk of the work, delivering gas to distribution terminals scattered around the country. Trucks finish up the journey, from distribution terminal to one of the country’s 150,000 gas stations. Because of the pipeline slowdown and the uptick in demand everywhere, truckers are now having to make faster turnarounds and sometimes longer trips—as much as an extra 80 to 180 miles each time. The federal government has granted area-specific waivers allowing tanker trucks to carry more gas than safety guidelines usually permit. It has also waived some hours-of-service rules, permitting drivers to stay on the road for longer than usual. The issue was complicated because there were already of shortage of drivers, most likely due to the COVID pandemic. With demand for gas down during the pandemic, many drivers either got furloughed, stopped driving because of COVID-related health concerns, or decided to finally retire.
The Washington Post (subscription)
Even as Colonial lurched back to life after a devastating cyberattack, the Biden administration warned it would take time for fuel shortages to ease and pledged to take additional action to prevent a similar crisis. Colonial Pipeline said Thursday that its pipeline has been fully reactivated and fuel shipments have resumed. But significant shortages continued across numerous states, and drivers again complained of being stuck in long lines and encountering empty gas stations. President Biden and top aides sought to ease growing political fallout over the fuel shortages, as Republicans accused the White House of failing to defend the importance of American-made energy and responding inadequately to the hack. Transportation Secretary Pete Buttigieg called the ransomware attack a “wake-up call” that raises questions about whether the nation’s laws and political system are prepared for what he called “the cyber era.” And Biden touted a new Justice Department task force to go after DarkSide, a hacker group that infiltrated Colonial Pipeline’s servers and said it would not relinquish control without a ransom.
The White House
President Biden Thursday afternoon spoke about the Colonial Pipeline incident, outlining the government response to the outage and noting it would take some time before the fuel market was back to normal. Biden said that the FBI has concluded that the Russian government was not involved in the hack.
Colonial Pipeline paid Eastern European hackers who attacked its network 75 Bitcoin, worth almost $5 million at the time of the ransom payment. The ransom payment to DarkSide, a group of cybercriminals in or near Russia, allowed Colonial to start restoring its network and work to reopen its massive pipeline. Ransomware attacks are a big and growing problem for businesses of all size and scope. A report last month from a ransomware task force said payments rose by 311 percent in 2020 to about $350 million. Ransom for large corporations like Colonial tends to be much larger. But the $5 million ransom was "very low,” cyber expert Ondrei Krehel told Bloomberg. "Ransom is usually around $25 million to $35 million for such a company. I think the threat actor realized they stepped on the wrong company and triggered a massive government response."