Cybersecurity, Emerging Issues in Security

Pipeline Cyberattack Results in FMCSA Issuing HOS Exemption

On May 9, the Federal Motor Carrier Safety Administration (FMCSA) issued a temporary exemption for commercial motor vehicles (CMVs) from hours of service (HOS) regulations to ensure adequate fuel supplies in several East Coast states following a cyberattack on the Colonial Pipeline.

Fuel or oil truck, pipeline, transportation

Pavel Chagochkin / Shutterstock.com

The temporary exemption applies to drivers and motor carriers transporting diesel, gasoline, jet fuel, and other refined petroleum products to Alabama, Arkansas, the District of Columbia, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas, and Virginia.

The exemption remains in place until June 8 or until the agency terminates its emergency declaration.

Colonial’s pipeline transports approximately 45% of all fuel consumed on the East Coast, according to the company’s website. The company transports various grades of diesel fuel, gasoline, home heating oil, and jet fuel, as well as fuel for the U.S. military, through its pipeline system, which is connected to refineries in the Gulf Coast and the Northeast.

The FMCSA granted relief from 49 CFR Parts 390 through 399 for drivers and motor carriers providing direct assistance during the emergency to affected states due to the shutdown, partial shutdown, and/or manual operation of the Colonial Pipeline system.

All other motor carrier safety regulations remain in force, including alcohol and controlled substance testing requirements (Part 382), all motor carrier size and weight requirements, commercial driver’s license requirements (Part 383), hazardous materials transportation regulations (Parts 100 to 180), and motor carrier financial responsibility (insurance) requirements (Part 387).

The HOS exemption only applies while drivers are engaged in direct support of emergency relief efforts related to the shortages of diesel, gasoline, jet fuel, and other refined petroleum products. The direct assistance exemption terminates when a driver or CMV is used in interstate commerce to transport other cargo or provide services not in support of emergency relief efforts.

However, a driver may return empty to the motor carrier’s terminal or the driver’s normal work reporting location.

When a driver moves from emergency relief efforts to normal operations, a 10-hour break is required when the total time a driver conducts emergency relief efforts, or a combination of emergency relief and normal operation, equals 14 hours.

Motor carriers or drivers currently subject to out-of-service orders are not eligible for the exemption under the emergency declaration until they have met applicable conditions and the order has been rescinded by the FMCSA.

The FMCSA stated it would work closely with states and the agency’s industry partners to monitor driver work hours and conditions for the duration of the exemption. Although the pipeline shutdown necessitates providing flexibility for the industry, the agency said safety remains its top priority.

On May 7, the Colonial Pipeline Company learned it was the victim of a cybersecurity attack involving ransomware, according to a company statement. Colonial took certain systems offline to contain the threat, temporarily halting all pipeline operations. The company engaged a third-party cybersecurity firm and has launched an ongoing investigation into the nature and scope of the incident.