Skip to: Content
Skip to: Site Navigation
Skip to: Search


Alert: Major cyber attack aimed at natural gas pipeline companies

A major cyber attack is currently under way aimed squarely at computer networks belonging to US natural gas pipeline companies, according to alerts issued by the US Department of Homeland Security.

By Staff writer / May 5, 2012

Cyber security analysts work in the 'watch and warning center' at the federal government’s secretive cyber defense lab, in Idaho Falls, Idaho. The Homeland Security Department's Control System Security Program facilities are intended to protect the nation's power grid, water and communications systems.

Mark J. Terrill/AP

Enlarge

A major cyber attack is currently under way aimed squarely at computer networks belonging to US natural gas pipeline companies, according to alerts issued to the industry by the US Department of Homeland Security.

Skip to next paragraph

At least three confidential "amber" alerts – the second most sensitive next to "red" – were issued by DHS beginning March 29, all warning of a "gas pipeline sector cyber intrusion campaign" against multiple pipeline companies. But the wave of cyber attacks, which apparently began four months ago – and may also affect Canadian natural gas pipeline companies – is continuing.

That fact was reaffirmed late Friday in a public, albeit less detailed, "incident response" report from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), an arm of DHS based in Idaho Falls, Idaho. It reiterated warnings in the earlier confidential alerts made directly to pipeline companies and some power companies.

The ICS-CERT is charged with helping secure the nation's industrial control systems – computerized systems that open and close valves, switches, and factory processes vital to the chemical, industrial, and power sectors. Their "fly away" teams visit factories, power plants, and pipeline companies to investigate cyber intrusions.

"ICS-CERT has recently identified an active series of cyber intrusions targeting natural gas pipeline sector companies," the confidential April 13 alert warns. "Multiple natural gas pipeline organizations have reported either attempts or intrusions related to this campaign. The campaign appears to have started in late December 2011 and is active today."

Safeguarding industrial control systems from cyber attack is a major point of debate right now in Congress, which has been wrangling over whether to grant the federal government authority to require that vital sectors like the electric utility, oil and gas, and chemical industries meet certain levels of cyber security.

Approximately 200,000 miles of these interstate natural gas transmission pipelines in the US supply 25 percent of the nation's energy. Pipeline safety has been a major issue in recent years, highlighted by the San Bruno, Calif. pipeline explosion that killed eight people and destroyed 38 homes in the Bay Area in September 2010.

In Friday's public warning, ICS-CERT reaffirms that its "analysis of the malware and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign from a single source." It goes on to broadly describe a sophisticated "spear-phishing" campaign – an approach in which cyber attackers attempt to establish digital beachheads within corporate networks.

Spear-phishing has become one of the attack vectors of choice for cyber spies intent on infiltrating corporate networks. In such an attack, a specific person in the organization is researched, often using social networking sites like Facebook or LinkedIn in order to carefully craft a convincing e-mail that appears to be from a close associate.

But the seemingly benign e-mail typically contains a malicious software attachment or link. Once clicked on or opened, the malware or link creates a back-door for a hacker to then gain entry and begin prowling for valuable data.

Yet there are several intriguing and unusual aspects of the attacks and the US response to them not described in Friday's public notice. One is the greater level of detail in these alerts than in past alerts. Another is the unusual if not unprecedented request to leave the cyber spies alone for a little while.

Permissions

Read Comments

View reader comments | Comment on this story

  • Weekly review of global news and ideas
  • Balanced, insightful and trustworthy
  • Subscribe in print or digital

Special Offer

 

Doing Good

 

What happens when ordinary people decide to pay it forward? Extraordinary change...

Danny Bent poses at the starting line of the Boston Marathon in Hopkinton, Mass.

After the Boston Marathon bombings, Danny Bent took on a cross-country challenge

The athlete-adventurer co-founded a relay run called One Run for Boston that started in Los Angeles and ended at the marathon finish line to raise funds for victims.

 
 
Become a fan! Follow us! Google+ YouTube See our feeds!