Colonial Pipeline Faces $1M Civil Penalty Over Hack

May 11, 2022

The U.S. Department of Transportation’s Pipeline and Hazardous Materials Safety Administration (PHMSA) issued a Notice of Probable Violation (NOPV) and Proposed Compliance Order to Colonial Pipeline Company, which includes multiple probable violations of Federal pipeline safety regulations (PSRs). The proposed civil penalties amount to $986,400.

From January through November 2020, PHMSA conducted an inspection of Colonial Pipeline Company’s procedures and records for Control Room Management (CRM) in Linden, NJ, Hebert, LA, Greensboro, NC, and Alpharetta, GA. PHMSA made preliminary determinations that Colonial Pipeline Company was in probable violation of several PSRs, including a probable failure to adequately plan and prepare for manual shutdown and restart of its pipeline system. PHMSA informed Colonial Pipeline of the alleged non-compliance items shortly after the 2020 inspections concluded. The NOPV alleges that failures to adequately plan and prepare for a manual restart and shutdown operation contributed to the national impacts when the pipeline remained out of service after the May 2021 cyber-attack.

“The 2021 Colonial Pipeline incident reminds us all that meeting regulatory standards designed to mitigate risk to the public is an imperative,” said PHMSA Deputy Administrator Tristan Brown. “PHMSA holds companies accountable for violations and aims to prevent any instances of non-compliance.”

PHMSA has longstanding and comprehensive guidance on its enforcement of PSRs as well as its civil penalties, which are calculated using a range of criteria and based on statutory limitations. Under the authorities granted by Congress, PHMSA may propose civil penalties; the recipient of which may contest, contest in part, or accept. A pipeline operator that receives a proposed civil penalty may also request and receive an informal hearing before a presiding official of the agency and prior to a proposed civil penalty being finalized. PHMSA publishes its entire history of enforcement actions online for public consumption, available here.