The US Pipeline and Hazardous Materials Safety Administration (PHMSA) has proposed a nearly $1 million fine for management failures at energy pipeline operator Colonial Pipeline that contributed to widespread fuel shortages along the US East Cost following a 2021 ransomware attack.

In May 2021, Colonial Pipeline experienced a ransomware attack, which disrupted operations of one of the US' largest pipelines, which delivered refined gasoline and jet fuel from Texas up the East Coast to New York. Due to the attack Colonial Pipeline temporarily shut down its 5,500 miles of pipeline to contain the threat.

PHMSA said in a notice published on May 5, 2022, that the operator had failed to plan and prepare for a manual restart and shutdown operation, which contributed to the national impacts after the cyberattack.

“Respondent’s failure to test and verify its internal communication plan contributed to consequences that occurred when, on May 7, 2021, Colonial Pipeline was the victim of a cyberattack which required the immediate shutdown of the entire pipeline system,” the watchdog said. “Since Respondent had not tested and verified an internal communication plan when the cyber-attack occurred, as was required by the regulation, Respondent was not prepared for manual restart and manual operation of its pipeline. Colonial Pipeline’s ad-hoc approach toward consideration of a “manual restart” created the potential for increased risks to the pipeline’s integrity as well as additional delays in restart, exacerbating the supply issues and societal impacts.”

The regulator also issued an order requiring Colonial Pipeline to test and verify its internal communication plan for manual operation and develop a procedure to verify correct alarm set-points values amongst other tests.

According to Reuters, Colonial Pipeline said that it was looking forward to engaging with PHMSA to resolve the matters raised. The company added that that the notice was the first step in a multi-step regulatory process.

“Our coordination with government stakeholders was timely, efficient and effective as evidenced by our ability to quickly restart the pipeline in a safe manner five days after we were attacked, which followed localized manual operations conducted before the official restart,” a company’s spokesperson said.