Natural gas pipeline companies under siege, DHS arm warns
Since around Christmas, natural gas pipelines in the United States have been under attack from a focused group of adversaries, according to a recent alert released by a Department of Homeland Security (DHS) cyber watchdog.
The alert, part of the Industrial Control Systems Cyber Emergency Response Team's (ICS-CERT) "Monthly Monitor" report, warned that officials have received reports of a number of attempted and successful intrusions into the networks of organizations affiliated with the natural gas pipeline industry.
"Analysis of the malware and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign," the alert said. "The campaign appears to have started in late December 2011 and is active today."
Attackers appear to be using a common method to gain a network foothold: social engineering, according to ICS-CERT. They are targeting a select few targets and delivering legitimate-looking emails that appear to come from a trusted colleague, a tactic known as spear phishing.
ICS-CERT, which did not identify the adversaries, is trying to determine the breadth of the infection, as well as developing ways to both detect and remove the malware.
"ICS-CERT has conducted a series of briefings across the country to share information related to the intrusion activity with asset owners [and] operators," it said. "ICS-CERT will continue to work with private sector and government partners to respond to this and other cyber threats."
According to a 2007 U.S. Department of Energy document, there are more than 210 natural gas systems covered by 300,000 miles of pipes. Texas has more pipelines running through it than the next nearest state (Louisiana), by a roughly three-to-one margin.
Government organizations and private-sector security experts have been warning for several years how susceptible critical infrastructure organizations are to cyber attacks, especially as control systems become increasingly connected to the public internet.
DHS spokesman Peter Boogaard told SCMagazine.com in an email on Monday that ICS-CERT has been collaborating with private companies in the oil-and-gas sector since March.
"DHS is coordinating with the FBI and appropriate federal agencies, and ICS-CERT is working with affected organizations to prepare mitigation plans customized to their current network and security configurations to detect, mitigate and prevent such threats," he said.