An "active series" of cyber attacks were reported on natural gas pipeline companies' computer networks over the past four months, according to the Department of Homeland Security (DHS). The department said it is working with the FBI and other federal agencies, as well as pipelines, to bring down the cyber intruders.
Various sources have provided information to the department's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), which investigates threats to public infrastructure, "describing targeted attempts and intrusions into multiple natural gas pipeline sector organizations," said the ICS-CERT in its monthly report in April.
"Analysis of the malware [malicious software] and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign. The campaign appears to have started in late December 2011 and is active today. Analysis shows that these spear-phishing attempts [to gain unauthorized access to confidential data] have targeted a variety of personnel within [private companies]; however, the number of persons targeted appears to be tightly focused. In addition the e-mails have been convincingly crafted to appear as though they were sent from a trusted member internal to the organization," the ICS-CERT report said.
ICS-CERT said it has been working with critical infrastructure owners and operators in the oil and gas sector since March to address the cyber intrusions. "DHS [also] is coordinating with the FBI and appropriate federal agencies, and ICS-CERT is working with affected organizations to prepare mitigation plans customized to their current network and security configurations to detect, mitigate and prevent such threats," DHS spokesman Peter Boogaard told NGI.
The Federal Energy Regulatory Commission, which regulates gas pipelines, declined to say whether they are one of the agencies looking into the matter. But "we can say that FERC regularly works with Homeland Security and other intelligence agencies on matters affecting national security -- particularly those that affect critical infrastructure, including natural gas pipelines," the agency said in an e-mail.
It was unclear from the ICS-CERT report whether actual pipeline infrastructure has been threatened. Said Don Santa, president of the Interstate Natural Gas Association of America (INGAA), which represents interstate natural gas pipelines, "to out knowledge, the 'cyber intrusions' reported to DHS have had no impact on deliveries or the safety of the pipeline system." Nevertheless, "we are working to reinforce to our [pipeline] members the importance of being vigilant against potential cyber threats."
INGAA spokeswoman Cathy Landry said the group's pipeline members will contact DHS or its designees if they encounter any threats of unusual cyber activity. She noted that INGAA has received two "official only" communications from the DHS agency in the recent past. "We cannot talk about these communications [publicly] because they are 'official only.'"
Boogaard noted that ICS-CERT has held several classified briefings across the country with pipeline owners and operators to share information related to the cyber attacks. Obama administration officials and Senate staff met last Monday to discuss the situation.
ICS-CERT said it has issued an alert and subsequent updates through the US-CERT Control Systems Center secure portal and also disseminated alerts to sector organizations and agencies to ensure broad distribution to pipeline owners and operators. Pipeline owners/operators who want access to the portal or to the alerts should contact ICS-CERT at firstname.lastname@example.org.
Additional updates are to be issued as new information becomes available, the DHS said.
Intelligence Press Inc. All rights reserved. The preceding news report
may not be republished or redistributed, in whole or in part, in any
form, without prior written consent of Intelligence Press, Inc.