A sophisticated cyberattack designed to access US natural gas pipelines appears to have been under way for a number of months, the Department of Homeland Security has warned, raising concerns that vital infrastructure could be vulnerable to computer attacks.
The department’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said recently that it had identified a single campaign behind multiple attempted intrusions into several different pipeline companies since December last year.
ICS-CERT has issued warnings and conducted briefings for natural gas and oil pipeline owners, telling them how to spot warning signs of the attack, and stated it is still “working aggressively with affected organisations to prepare mitigation plans … to remove the threat and harden networks from re-infection”.
There is no information about the source or objective of the attack, but industry experts proposed two possibilities: an attempt to gain control of gas pipelines to be able to interrupt supplies, or an attempt to obtain information regarding flows to use in commodities trading.
The original tip-off came from businesses that had noticed bogus emails sent to staff. The attack uses what is known in the information security industry as “spear-phishing”: using LinkedIn or another source to gather information about a company’s employees, then attempting to trick them into revealing information or opening infected links by sending persuasive emails purportedly from colleagues.
ICS-CERT said further details of the attack, which had been published in the alert to pipeline owners, “are considered sensitive and cannot be disseminated through public or unsecure channels”.
Cathy Landry of the Interstate Natural Gas Association of America, the pipeline operators’ group, said: “These intrusions are reconnaissance. But we don’t know if they are trying to get into the pipeline control system, or into company information.”
The susceptibility of the energy industry’s IT systems has been exposed by two high-profile incidents in the past couple of years.
A previous campaign, dubbed Night Dragon and eventually traced back to an address in China, collected commercially sensitive data on oil and gas fields along with other information from energy companies. The Night Dragon cyberattacks were successful in targeting oil, petrochemical and energy organisations, in addition to executives and key individuals. The attacks were fruitful because they went undetected for between two and four years.
That specific attack was highlighted in a report to the US Congress by prominent US intelligence agencies last year, which cautioned: “Foreign economic collection and industrial espionage against the United States represent significant and growing threats to the nation’s prosperity and security.”
The US gas pipelines are operated by Supervisory Control and Data Acquisition (Scada) systems, which, along with Distributed Control Systems (DCS), are becoming a focus for attackers. In 2010 Stuxnet, a virus thought to originate from a third-party national organisation, caused significant disruption to Iran’s nuclear programme.
The threat of attacks on IT systems has prompted the US authorities to step up their security efforts recently, including the development of ICS-CERT, designed to protect critical infrastructure such as telecommunications networks, food and water supplies and nuclear reactors as well as oil and gas pipelines. Leon Panetta, then director of the CIA, warned that a cyberattack could be “the next Pearl Harbor”.
The DHS said it was coordinating with the FBI and other agencies to analyze the latest pipeline attacks.