Exclusive: Cyberattack leaves natural gas pipelines vulnerable to sabotage
A government report says a cyberattack against 23 natural gas pipeline operators stole crucial information that could compromise security. Experts strongly suspect China's military.
(Page 3 of 3)
Chinese government officials reject accusations that cyberspies connected to its military have scooped up gigabytes of stolen data from pipeline companies. China’s embassy in Washington did not respond to e-mailed requests for comment by press time. But a spokesman contacted by the Monitor earlier this month rejected Mandiant’s assertions.
“Cyber attacks are transnational and anonymous. Determining their origins is extremely difficult. We don't know how the evidence in this so-called report can be tenable,” Geng Shuang, spokesman at the Chinese Embassy in Washington, said in an e-mailed statement. “Chinese laws prohibit cyber attacks and China has done what it can to combat such activities in accordance with Chinese laws and regulations.”
Is it all about 'fracking'?
DHS officials refused to comment on the source of the attacks or answer a list of e-mailed questions, but they noted that the Department actively works with the private sector during cyberincidents to create “situational awareness.”
“Protecting critical infrastructure against growing and evolving cyberthreats requires a layered approach,” DHS spokesman Peter Boogaard said in a statement. The agency actively works with companies “to improve the security and resilience of critical infrastructure” and in “mitigating the impacts of attempted disruptions to the Nation’s critical cyber and communications networks.”
So far, there is no evidence that America's natural gas pipelines have been sabotaged. But experts say China could have a more immediate interest in natural-gas data beyond the longer-term threat of a theoretical cyberwar. The cyberspies are aiming mainly at stealing technology related to hydraulic fracturing or “fracking” of shale to extract natural gas, says Mr. Huber of Critical Intelligence.
Stealing industrial secrets about fracking could help energy-starved China develop its own technologies to mine natural gas without having to buy equipment or expertise from abroad.
Natural gas pipeline industry officials are concerned.
“Our industry takes these threats seriously and continues to work with ICS-CERT and other agencies to ensure security,” says Cathy Landry, a spokesman for the Interstate Natural Gas Association of America. “It was serious before, it’s serious now. When you’re dealing with cybersecurity, it’s just as important as a physical threat.”
Attacks hit suppliers, too
In addition to attacks on pipeline operators, cyberspies have also targeted suppliers of crucial control-system technologies. One notable company highlighted in the DHS report as having been hacked is Telvent Canada, which has a huge footprint in the oil and gas industry – and a key role in the emerging “smart grid” that more efficiently coordinates energy distribution. Its software allows old and new software to speak to each other – and control critical systems.
If captured, the source code from such a product could be used to far more easily develop potent cyberweapons akin to Stuxnet, a hyper-sophisticated software weapon reported to have destroyed 1,000 or more Iranian nuclear centrifuges.
"The attackers used their presence on the Telvent network to download the customer project files for a future attack – think future Stuxnet," Dale Peterson, a control system security expert, wrote in his blog. "If an attacker were going to attack a process in a sophisticated manner they would need time and talent to study the project files and essentially reverse engineer the process."
As with the pipeline hacks, the source of the Telvent attacks appears to be Unit 61398.
“Yes, we have indicators that match Telvent” to other hacks traced to Unit 61398, Huber writes in an e-mail. “So yes, same group likely.”