Natural gas pipeline companies under siege, DHS arm warns

Share this article:

Since around Christmas, natural gas pipelines in the United States have been under attack from a focused group of adversaries, according to a recent alert released by a Department of Homeland Security (DHS) cyber watchdog.

The alert, part of the Industrial Control Systems Cyber Emergency Response Team's (ICS-CERT) "Monthly Monitor" report, warned that officials have received reports of a number of attempted and successful intrusions into the networks of organizations affiliated with the natural gas pipeline industry.

"Analysis of the malware and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign," the alert said. "The campaign appears to have started in late December 2011 and is active today."

Attackers appear to be using a common method to gain a network foothold: social engineering, according to ICS-CERT. They are targeting a select few targets and delivering legitimate-looking emails that appear to come from a trusted colleague, a tactic known as spear phishing.

ICS-CERT, which did not identify the adversaries, is trying to determine the breadth of the infection, as well as developing ways to both detect and remove the malware.

"ICS-CERT has conducted a series of briefings across the country to share information related to the intrusion activity with asset owners [and] operators," it said. "ICS-CERT will continue to work with private sector and government partners to respond to this and other cyber threats."

According to a 2007 U.S. Department of Energy document, there are more than 210 natural gas systems covered by 300,000 miles of pipes. Texas has more pipelines running through it than the next nearest state (Louisiana), by a roughly three-to-one margin.

Government organizations and private-sector security experts have been warning for several years how susceptible critical infrastructure organizations are to cyber attacks, especially as control systems become increasingly connected to the public internet.

DHS spokesman Peter Boogaard told in an email on Monday that ICS-CERT has been collaborating with private companies in the oil-and-gas sector since March. 

"DHS is coordinating with the FBI and appropriate federal agencies, and ICS-CERT is working with affected organizations to prepare mitigation plans customized to their current network and security configurations to detect, mitigate and prevent such threats," he said.

Share this article:

Sign up to our newsletters

More in News

In Cisco probe, misuse or compromise spotted on all firms' networks

In Cisco probe, misuse or compromise spotted on ...

Cisco analyzed the business networks of 30 multinational companies last year, and revealed the findings in its 2014 Annual Security Report.

Fareit trojan observed spreading Necurs, Zbot and CryptoLocker

The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit.

Post Heartbleed, tech giants join initiative to bolster open source

Post Heartbleed, tech giants join initiative to bolster ...

The newly formed Core Infrastructure Initiative, created to boost under-funded open source projects, will tackle OpenSSL first.