On May 7th, 2021, the Colonial refined product pipeline, which delivers approximately 45% of the gasoline and jet fuel consumed by the Southeast and eastern seaboard of the U.S., was hit with a cyber attack that shuttered operations for six days. Panic buying ensued and gasoline shortages quickly materialized – highlighting the critical importance of steady energy supply to modern life. The CEO of Colonial Pipeline ultimately decided to pay the attackers $4.5 million in cryptocurrency as ransom to restore operation of the pipeline, ending the disruption within a week.[1] Although on June 7th, the U.S. Department of Justice announced that it had seized approximately $2.3 million of that sum.[2]
We saw what happened after just six days, but what if a major cyber attack disrupts critical energy infrastructure for a more significant amount of time?
Cybersecurity has been a major concern for all industries for quite some time and with the increase in number of cyber attacks on critical energy infrastructure there is the potential for a much more disruptive event than what happened with the Colonial pipeline. Increased automation has made the energy system highly efficient, but automation has also made the system vulnerable to these types of attacks. Considering the impact on the Colonial pipeline, we looked at what would happen to the U.S. gas and power system if the system operations of a major gas pipeline company were disrupted for a longer duration.
A nightmare scenario
Using RBAC’s GPCM® Market Simulator for North American Gas and LNG™, we modeled the potential market impact of a major cyber attack against a large pipeline company such as Kinder Morgan during the upcoming winter heating season. Kinder Morgan was selected because of its importance to the gas system, not because of any perceived cyber security weaknesses. In this scenario, the operating capacities of all of its natural gas pipelines are reduced to only 25% of their normal operating capacity during the months of January and February 2022. Impacted pipelines include: Gulf Coast Express, KM Texas, KM Tejas, Meir-Monterrey, Permian Highway, Elba Express, Fayetteville Express, Florida Gas, KM LA, Midcon Express, Southern, Tennessee Gas, NGPL, Cheyenne Plains, CIG, El Paso, Mojave, Ruby, Sierrita, TransColorado, and Wyoming Interstate. Contrasting the results of this massive outage scenario to RBAC’s 21Q1base scenario allows for estimation of the possible market impacts from such an event.
Figure 1: Map of Kinder Morgan Assets
Source: Kinder Morgan, https://www.kindermorgan.com/WWWKM/media/Documents/Kinder_Morgan_Asset_Map_.pdf
The February 2021 winter storm that caused rolling blackouts in Texas demonstrates an important point: in times of energy scarcity, LDCs and electric utilities are willing to pay extremely high prices for energy because of the importance of reliability (though they are understandably very unhappy about it). Some industrial customers might be forced to pay these high prices to continue operating while others are protected from price spikes by contract terms. For this analysis, it is assumed that all consumers are unresponsive to price during the months of the outage and they are willing to pay any price for gas that is available. That is, the price elasticity for all consumers is set to zero. The scenario also assumes normal weather; impacts could be greater if temperatures are colder than average throughout North America.
The recent outages to the TETCO pipeline demonstrate that pipeline outages can have significant market impacts, and the outcomes from the hypothetical outages generated in the cyber attack scenario mirror that.[3] The results of the scenario show that consumption area prices greatly increase, reflecting gas scarcity. Pipeline shippers relying on interruptible transmission bear the majority of the impact, many of which are gas-fired power plants. Given the wide geographic footprint of Kinder Morgan’s assets, the impacts are widespread, although they are more significant in areas with less pipeline optionality. Producers served by Kinder Morgan assets are also impacted, particularly those in the Appalachian, Permian, and Rockies basins.
Prices are significantly impacted
There are widespread price impacts throughout the US, but the largest impacts fall on consumers in Arizona, California, Florida, and Massachusetts due to their reliance on Kinder Morgan assets.
The loss of pipeline capacity leads to system congestion and wider basis differentials between supply and demand areas – lower prices for producers and higher prices for consumers. Flow patterns throughout the interstate pipeline network also shift, leading to a corresponding shift in prices as more expensive alternative routes are used to bypass the hacked pipelines. In some demand areas, prices could be comparable to those experienced during severe winter storms such as the 2014 Polar Vortex or recent February 2021 winter storm that impacted much of the Midwest and Texas.
In contrast to weather driven shocks to the pipeline system, which strain the system through increased demand for space heating and potentially reduce supply through well freeze-offs, the cyber attack impacts are different. It disrupts a subset of pipelines in the network and does not increase demand. Price impacts are restricted to those areas in the network which lose pipeline capacity and have no alternative means of gas transportation.
The Henry Hub in this instance is expected to decline relative to the 21Q1base scenario by about $0.97/MMBtu (-22%) on average during January and February 2022 because of a loss of pipeline capacity that would normally transport gas away from the Henry Hub.
Waha prices decline $1.50/MMBtu (-36%) during the same period because a significant quantity of Permian area production relies on Kinder Morgan pipelines such as Permian Highway and El Paso. The loss of these pipelines increases local congestion and pushes producer area prices down.
Likewise, the loss of Tennessee Gas Pipeline has a significant impact on both Dominion South prices, which decline an average of $1.44/MMBtu (-41%), and Algonquin city-gates, which increase an average of $5.64/MMBtu (34%).
Finally, Florida city-gates and SoCal city-gates experience large price increases due to the loss of Florida Gas Transmission and El Paso, respectively. Florida city-gates increases by approximately $14.27/MMBtu (283%) and SoCal city-gates increases by approximately $3.67/MMBtu (76%).
Figure 2: Henry Hub Price Impact
Source: Derived from GPCM output
Figure 3: Algonquin City-gates Price Impact
Source: Derived from GPCM output
Figure 4: Waha Price Impact
Source: Derived from GPCM output
Figure 5: SoCal Gas City-gates Price Impact
Source: Derived from GPCM output
Figure 6: Florida City-gates Price Impact
Source: Derived from GPCM output
Gas deliveries to interruptible customers curtailed
Consumers relying on interruptible transportation and without alternative sources of supply would be the hardest hit by such a disruption, although curtailment for firm customers could also occur. In total, approximately 3.6 Bcf/d of demand is curtailed during the outages in the cyber attack scenario, of which 2.6 Bcf/d belongs to the power sector. The majority of the remaining 1 Bcf/d impact fell on industrial customers. In many instances, the power sector would experience the brunt of the outages, which raises concerns for electric reliability in power systems with a high share of gas-fired generation.
In this particular scenario, a loss of deliveries into California due to El Paso outages could strain CAISO, and the loss of Tennessee Gas Pipeline could strain ISO-NE through forced outages to generators in Massachusetts relying on that pipeline for service (though the Algonquin pipeline serves significantly more gas-fired generation than Tennessee).
California curtailments averaged approximately 500 MMcf/d (-35%), Arizona curtailments averaged 230 MMcf/d (-55%), Florida curtailments averaged 917 MMcf/d (-27%), and Massachusetts curtailments averaged 200 MMcf/d (-100%).
The disruption to pipeline operations also impact LNG exports from the Elba Island and Corpus Christi terminals as both are served by Kinder Morgan pipelines. The Elba Island terminal is served by the Kinder’s Elba Express pipeline while the Corpus Christi terminal is served by NGPL, Tennessee Gas Pipeline, KM Tejas pipelines. Elba Island exports fall on average 160 MMcf/d (-42%) and Corpus Christi exports fall 215 MMcf/d (-16%). The scenario assumes that LNG exports are not sensitive to prices, so the impacts to facilities could be larger depending on global market conditions and the degree to which a terminal holds take or pay contracts.
Figure 7: California Demand Impact
Source: Derived from GPCM output
Figure 8: Arizona Demand Impact
Source: Derived from GPCM output
Figure 9: Florida Demand Impact
Source: Derived from GPCM output
Figure 10: Massachusetts Demand Impact
Source: Derived from GPCM output
Supply in the Permian, Appalachian, and Rockies basins shut-in
Finally, the total supply available would also decline in this scenario by 3,300 MMcf/d relative to 21Q1base (-3.3% of US production) during the outage. Production in the Permian, Appalachian, and Rockies basins experience the largest impact. Production in the “Cyber Attack” scenario fell by 967 MMcf/d (-2.8%) for the Appalachian basin, in the Permian basin by 1,100 MMcf/d (-7.5%), and in the Rockies basin by 450 MMcf/d (-5.3%).
Figure 11: Appalachian Production Impact
Source: Derived from GPCM output
Figure 12: Rockies Production Impact
Source: Derived from GPCM output
Figure 13: Permian Production Impact
Source: Derived from GPCM output
Significant to severe impacts to gas-fired generation and other shippers relying on interruptible pipeline transportation
There is the potential for significant disruptions to natural gas supplies due to a cyber attack on natural gas pipelines, and in turn disruptions to the power sector due to its high reliance gas-fired power generation in certain systems. Shippers relying on interruptible transportation, and those limited to a single pipeline source in particular, are most at risk to experience a loss of gas supply in the event of a cyber attack on natural gas pipelines.
FERC Commissioners nominated by both major US political parties have expressed concern over pipeline cyber security and its relationship to electric reliability in FERC Open Meetings[4], op-eds[5], and Senate testimony[6]. In various statements, both Commissioners Chatterjee and Glick have noted that in contrast to the power sector, natural gas pipelines do not have mandatory cybersecurity standards, and the Commissioners call for legislation to be passed to require similar standards. In addition, they note that pipeline cybersecurity oversight is currently under the Transportation Security Administration’s purview, which currently has approximately 34 employees dedicated to the issue (up from six in 2018). Both Commissioners called for the responsibility to be transferred over to the Department of Energy.
Even if only a single pipeline were knocked out of service, local impacts could be significant. The loss of Florida Gas Transmission and El Paso result in severe impacts to the markets those pipelines serve in the “Cyber Attack” scenario presented in this article.
The critical importance of energy infrastructure makes it a likely target for cyber attacks, highlighting the necessity of making these systems as resilient as possible to this growing threat. Natural gas use has grown to become a cornerstone of North American energy, making actionable market intelligence essential for modern energy professionals. GPCM is a state-of-the-art modeling system with over 24 years of proven success in helping clients understand the complexities of the North American natural gas market. GPCM’s flexibility allows users to model nearly any conceivable scenario to gain insight about the impacts of potential events and quantify risk.
[6] https://www.energy.senate.gov/services/files/BCD69DE2-2825-4E7E-A017-55E3C51BD544
