There has been an "active series" of cyber attacks on natural gas pipeline companies' computer networks over the past four months, according to the Department of Homeland Security (DHS). The department said it is working with the FBI and other federal agencies, as well as pipelines, to bring down the cyber intruders.
Various sources have provided information to the department's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), which investigates threats to public infrastructure, "describing targeted attempts and intrusions into multiple natural gas pipeline sector organizations," said the ICS-CERT "Monthly Monitor" report in April.
"Analysis of the malware [malicious software] and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign. The campaign appears to have started in late December 2011 and is active today. Analysis shows that these spear-phishing attempts [to gain unauthorized access to confidential data] have targeted a variety of personnel within these organizations; however, the number of persons targeted appears to be tightly focused. In addition the e-mails have been convincingly crafted to appear as though they were sent from a trusted member internal to the organization," the ICS-CERT report said.
ICS-CERT said it has been working with critical infrastructure owners and operators in the oil and gas sector since March to address the series of cyber intrusions targeting pipeline companies. "The cyber intrusion involves sophisticated spear-phishing activities targeting personnel within the private companies. DHS is coordinating with the FBI and appropriate federal agencies, and ICS-CERT is working with affected organizations to prepare mitigation plans customized to their current network and security configurations to detect, mitigate and prevent such threats," DHS spokesman Peter Boogaard told NGI.
He noted that ICS-CERT has held several classified briefings across the country with pipeline owners and operators to share information related to the cyber attacks. Obama administration officials and Senate staff met Monday to discuss the situation.
"Our members are aware of this situation and take all security issues, including cyber threats, seriously," said Cathy Landry, a spokeswoman for the Interstate Natural Gas Association of America (INGAA), which represents interstate gas pipelines.
"Our members will contact DHS or its designees if they encounter any threats of unusual cyber activity." She noted that INGAA has received two "official only" communications from the DHS agency in the recent past. "We cannot talk about these communications [publicly] because they are 'official only.'"
ICS-CERT said it has issued an alert and subsequent updates through the US-CERT Control Systems Center secure portal and also disseminated alerts to sector organizations and agencies to ensure broad distribution to pipeline owners and operators. Pipeline owners/operators who want access to the portal or to the alerts should contact ICS-CERT at firstname.lastname@example.org.
Additional updates will be issued as new information becomes available, the DHS said.
Intelligence Press Inc. All rights reserved. The preceding news report
may not be republished or redistributed, in whole or in part, in any
form, without prior written consent of Intelligence Press, Inc.