U.S. oil pipeline network vulnerability addressed in CHDS alum Master’s thesis nearly decade ago

A cyber-attack on a key East Coast oil pipeline that led to its shutdown and ransom payment earlier this year brought into stark relief the vulnerability of the U.S. oil pipeline infrastructure and the need for protective measures.

CHDS alum Michael Larrañaga

No one was perhaps less surprised by that than Center for Homeland Defense and Security alum Michael Larrañaga (Master’s 1101/1102, HSx1701), whose 2012 Master’s program thesis addressed the U.S. oil pipeline network vulnerability issue.

Entitled “Network Vulnerability Assessment of the U.S. Crude Pipeline Infrastructure,” Larrañaga’s thesis addressed the “potential for cascade failure of the U.S oil pipeline infrastructure” using Model Based Risk Assessment software in its analysis.

The thesis noted that the pipeline system distributing crude oil to refineries across the U.S. had gained “much media attention” at the time due to Pres. Obama’s denial of a permit for a key portion of the Keystone-XL pipeline, which is designed to carry oil from Alberta, Canada to the Cushing Oil Trading Hub (COTH) in Cushing, OK. That project has since been revived by Pres. Trump and shut down again by Pres. Biden.

The thesis analysis identified the COTH as the primary critical hub as one of the world’s major oil terminals, and found that a disruption of the COTH, Midwest/West Coast oil distribution networks, or critical hubs would have “far-reaching negative consequences affecting global trade.”

Larrañaga’s thesis concluded that the results of his analysis “should be used as a starting point to increase network resiliency and prioritize the use of resources to secure the crude oil pipeline network against cascade failure.”

According to the Managing Principal for R.E.M. Risk Consultants in Dallas, TX, even a short-term shutdown of the U.S. crude oil network and by extension the finished product distribution system would have “massive cascading consequences” since the U.S. and its economy are so dependent on oil.

Aside from public and private transportation, the U.S. depends on oil for its military, which is the globe’s largest user of fossil fuel, as well as construction materials, and even health care and the food industry, he noted.

And Larrañaga pointed out that the U.S. currently only has 3-4 days of oil reserves and it takes oil and finished products, like gasoline, two months to get from one end of the pipeline network to the other.

“Oil is central to our way of life,” he said. “We’re an oil-based economy.”

East Coast gas stations were short on fuel during the Colonial pipeline cyberattack-prompted shutdown.

While Larrañaga’s thesis dealt with the crude oil network, he said the Colonial pipeline shutdown provided a hint of the potential consequences associated with a major oil pipeline outage.

The Colonial pipeline hack, which Bloomberg News reported was the result of a single compromised password, prompted the private company that owns and operates it to shut down the pipeline supplying nearly half of the East Coast oil supply from May 5-12, resulting in fuel price increases, long lines at the gas pump, fuel shortages, and other impacts.

Colonial officials ultimately agreed to pay hackers affiliated with the Russia-linked cybercrime organization DarkSide a $4.4 million ransom. The FBI would later recover a portion of the cyber-currency ransom.

Larrañaga said if the Colonial pipeline had been shut down for another week there would have been “disastrous” consequences.

While noting that the Biden Administration had advised Colonial pipeline owners and other private oil infrastructure entities to better prepare for cyber-attacks, Larrañaga said he believes there are more efforts underway to protect the nation’s oil infrastructure than is being publicly revealed.

“I’m surprised the Colonial pipeline was not more cyber-secure, but most infrastructure is privately owned and I see the Biden administration’s point (that companies need to improve their cyber-security themselves),” he said. “But I believe they’re (administration) doing more than they’ve said they’re doing. They got money back (through the FBI) and I expect they’re continuing to plan, especially with regard to the military’s need for fuel.”

Meanwhile, Larrañaga said there are continuing concerns about the security of the U.S. crude oil network involving a number of elements.

He said the pause on the Keystone-XL pipeline is a concern because “completion of the pipeline would have really increased our resilience to outages,” adding that “it’s a key to avoiding a large shutdown.”

In addition, he said the national oil network’s “main vulnerability” is both the East and West Coast oil supply networks are mostly separate from the rest of the country’s oil network. On the West, the physical barrier presented by the Rocky Mountains limits the ability to move oil from the center of the country over the Rockies. On the East Coast, most of the refined products on the East Coast originates on the Gulf Coast and is shipped via pipeline to the East Coast. (Only five of the country’s oil refineries are on the East Coast.)

The West Coast relies heavily on oil deliveries from Canada via ships and ports, and is “almost like an island,” he said, while the East Coast could still access about 50 percent of its oil supply even if the Colonial pipeline is shut down.

“As we saw, 70 percent of gas stations in many metropolitan areas on the East Coast were without gas and 90 percent in Washington, D.C. were without gas,” Larrañaga said. “And that’s with less than a week of outage. Imagine what would happen if it would have been a long-term outage.”

And, he said the critical Cushing, OK hub represents a “fairly soft target” that is not adequately protected from a physical attack, according to an analysis conducted by the Oklahoma State University School of Fire Protection and Safety, though he said he’s not aware of its cyber security status.

He said he believes the nation’s “critical infrastructure” experts don’t fully appreciate the hub’s importance to the crude oil network despite the fact that his analysis showed about 70 percent of the nation’s oil supply flows through the hub on a daily basis, although he said others are aware of the hub’s importance including private sector oil investors who still use satellite imagery to estimate the amount of oil at Cushing compared to its capacity on any given day (by assessing the position of the floating roofs on each tank) to help guide investment.

If the Cushing hub were shut down for six months, or even less, it would cripple the nation’s ability to operate, Larrañaga said. The nation’s fuel and petrochemical supply is “highly contingent on that hub being fully functional, and we need to make sure it’s as hardened as possible.”

Meanwhile, the New York Times recently reported on Biden administration disclosures of previously classified details about the scope of state-sponsored cyber-attacks on U.S. oil and gas pipelines over the past decade, including China-backed hackers’ targeting of nearly two dozen pipeline companies, as part of a gesture to convince pipeline owners to improve system security.

The bottom line, Larrañaga said, is an oil pipeline shutdown was predicted a decade ago, we should have been better prepared, and another shutdown is likely.

“We should be prepared for another Colonial-type outage,” Larrañaga said. “If not, (a shutdown) could be even more catastrophic. That (Colonial pipeline shutdown) could have been prevented or we should have been prepared to recover much quicker.

“It’s (oil pipeline shutdown) going to happen again. We’re going to have an outage again. So the goal should be to protect the network as best we can.”

INQUIRIES: Heather Hollingsworth Issvoran, Communications and Recruitment | hissvora@nps.edu, 831-402-4672 (PST)

Scroll to Top