This gave them an enormous competitive advantage over the refineries on the east coast, which imported oil from abroad or by rail from North Dakota after the start of the shale boom. As the local refineries closed their doors, the Colonial Pipeline became increasingly important as a connection to refineries in Texas and Louisiana.
The Midwest has its own pipelines from the Gulf Coast, but while the East Coast has closed refineries, the Midwest has opened some new plants and expanded others over the past 20 years to process Canadian oil, mostly from Alberta sands. California and the Pacific Northwest have sufficient refineries to process crude oil made in California and Alaska and South America.
How serious is the immediate problem?
Not much. The northeastern supply system is flexible and resilient.
Many hurricanes have damaged pipelines and refineries on the Gulf Coast in the past, and the east coast managed to handle this. The federal government stores millions of gallons of crude oil and refined products for emergencies. Refineries can import oil from Europe, Canada, and South America, although it can take up to two weeks for transatlantic cargo to arrive.
When Hurricane Harvey hit Texas in 2017 and damaged refineries, shipments from the Colonial Pipeline to the northeast were suspended for nearly two weeks. Port of New York gasoline prices rose rapidly by more than 25 percent, and the additional costs were passed on to motorists. It took over a month for prices to return to previous levels.
What’s the bigger threat?
Hacking a large pipeline may not be a major problem for drivers, but it is a sign of the times. Criminal groups and even nations can threaten power lines, personal information, and even banks.
The group responsible for the pipeline attack, DarkSide, usually locks their victims’ data using encryption and threatens to release the data unless a ransom is paid. Colonial Pipeline did not say whether it paid a ransom or intended to do so.
“The unfortunate truth is that infrastructure today is so fragile that almost anyone who wants to get in can get in,” said Dan Schiappa, chief product officer of Sophos, a UK security software and hardware company. “Infrastructure is an easy and lucrative target for attackers.”