State leader says federal laws leave us at risk of pipeline hacking attack

Posted at 5:36 PM, May 13, 2021
and last updated 2021-05-13 18:15:26-04

LANSING, Mich. (WXYZ) — We are not seeing an overall shortage of gas in Michigan due to the Colonial Pipeline shut down and are not expected to. This is because the pipelines that feed Michigan are not impacted.

If they ever are impacted by such a ransomware attack, however, experts say Michigan is especially vulnerable.

Only two pipelines deliver refined gas into Michigan. While they have never been shut down due to an attack by hackers, such as what happened to the Colonial Pipeline, they have been shut down before for repairs or due to power outages.

“Whenever there is an outage, whenever a pipeline goes down that supplies our Great Lakes, it makes it hard for us to provide gasoline and diesel to our customers. Because we are surrounded by water,” said Mark Griffin, President Michigan Petroleum Association.

Griffin says our geography leaves us at risk of extreme fuel shortages should a pipeline servicing Michigan have to shut down. It raises the question. What about pipelines that deliver natural gas for our energy grid?

To learn about that 7 Action News reached out to Consumers Energy.

“Candidly, we see attacks on a regular basis,” said Jim Beechey, the Executive Director of Security at Consumers Energy.

Beechey says hackers used ransomware to attack Colonial’s business systems. Colonial’s pipeline was shut down to prevent those hackers from accessing the pipeline through those systems.

He says Consumers Energy works to keep its business systems computers separate from computers running the grid or pipelines to prevent ever needing to do that.

“We feel very comfortable and confident that we have separated those systems to the level required, that if something were to happen, we would be able to continue to provide service to our customers,” said Beechey.

“This should be a wake-up call for the federal government,” said Dan Scripps, Michigan Public Service Commission Chair.

Scripps says there is a reason we saw this happen to a petroleum pipeline and not the energy grid. He says there are governed by different security standards and that needs to change.

“There are national standards for the electrical system that have been in place for over a decade. At the state level we are requiring national standards that have been developed by API for natural gas utilities. But we don’t have those standards at the federal level which has sole jurisdiction over oil and gasoline lines. And that is a real problem,” said Scripps.

7 Action News reached out to Buckeye Partners, which operates pipelines in Michigan. We asked about security measures being taken to prevent such attacks at its company.

We were provided with a statement saying:

Buckeye Partners remains diligent as always in ensuring we operate our pipelines and terminals safely and securely. We regularly evaluate, while managing continuously, the safety and security of our systems. In light of the recent events, we have undertaken supplemental precautionary steps to evaluate and safeguard our systems, which have continued uninterrupted. We will continue to closely monitor the supplies in markets we serve while remaining in contact with our customers and shippers.