Several agencies within the federal government are investigating a series of cyberattacks directed at a third-party software system used by several U.S. natural gas pipeline companies, as the software provider looks into restoring data that was lost.
The cyberattacks, which appear to have started last Thursday, were directed at pipelines using the Electronic Data Interchange (EDI), a platform offered by Latitude Technologies Inc., a subsidiary of Norwell, MA-based Energy Services Group LLC. At least four pipeline companies have been affected so far.
Although details are slim, an investigation involving the Department of Homeland Security (DHS), the Department of Energy (DOE) and FERC is underway.
"When we become aware of a potential incident, we work to gather information and offer the company or organization technical assistance and expertise," DHS spokesman Scott McConnell said Wednesday. "However, in order to ensure robust information sharing between private sector partners and DHS, the department does not disclose information shared with us for cybersecurity purposes."
DOE Press Secretary Shaylyn Hynes said late Wednesday that the department "is aware of the situation, and as the Sector Specific Agency for the energy sector, is working closely with our interagency and public partners to support the sector.
"Ensuring we have a safe, reliable, and resilient grid is a national security issue that continues to be one of [DOE] Secretary [Rick] Perry’s highest priorities."
Tamara Young-Allen, spokeswoman for the Federal Energy Regulatory Commission, said "FERC staff is aware of the situation and is coordinating with our federal partners, such as DHS and DOE, to evaluate the circumstances and take appropriate actions."
So far, pipeline subsidiaries of four companies -- Oneok Inc., Boardwalk Pipeline Partners LP, Chesapeake Utilities Corp. and Energy Transfer Partners LP (ETP) -- have been affected by the cyberattacks.
On Tuesday, Oneok announced that it had temporarily disabled its EDI system, citing EDI as the "target of an apparent cyberattack." But the company emphasized that its decision to shut down EDI was "a purely precautionary step," and that Oneok's natural gas pipelines were operating normally.
"Media outlets misinterpreted the company's notification to customers as a reaction to an attack on Oneok's system," the company said. "There were no operational interruptions on Oneok's natural gas pipelines. Affected customers have been advised to use one of the alternative methods of communications available to them for gas scheduling purposes."
Last Friday, three Oneok subsidiaries -- Guardian Pipeline LLC, Midwestern Gas Transmission Co. and Viking Gas Transmission Co. -- posted critical notices stating that "all EDI transmissions are down," and referred customers to Oneok websites for making communications, adding "it is unclear as to the length of time the outage will last." A second notice said "EDI transmission is back up."
Similar notices, marked as non-critical, were posted Wednesday by four subsidiaries of Boardwalk. The subsidiaries -- Texas Gas Transmission LLC (TGT), Gulf South Pipeline Co. LP, Gulf Crossing Pipeline Co. LLC and Boardwalk Storage Co. LLC -- said Boardwalk's EDI system "continues to be unavailable until further notice."
Although the notice said the EDI outage did not affect customers interested in making nominations and confirmations for three of the aforementioned subsidiaries, Boardwalk conceded that TGT customers looking to do the same would be affected.
"The EDI outage does not affect the ability of customers to interact with the Boardwalk Pipelines via the individual pipeline's online customer activities website," Boardwalk said in the notice. "In order to enter/edit nominations and/or confirmations, customers should log in to the pipeline's customer activities website. The length of time that EDI will be unavailable has not been determined."
Boardwalk spokeswoman Molly Ladd Whitaker told NGI that service from all four subsidiaries has not been impacted by the EDI outage. "Customers are conducting business via our customer activities website until EDI service is fully operational," she said Wednesday.
On Monday, Eastern Shore Natural Gas (ESNG), a subsidiary of Chesapeake Utilities, issued a critical notice stating that there had been "an unplanned outage as the result of a cyberattack" of its IWS system, of which Latitude is the system vendor. The outage began last Thursday and ended Monday.
"At this point, Latitude system operations have been restored and the ESNG IWS is available for nomination entry," ESNG said in its notice. The company added that "Eastern Shore operations were not impacted during this event."
'A Very Challenging Situation'
The ESNG notice also included a copy of a message it had received from Latitude management on Monday, which led off with the software developer thanking its customers for their "patience as we have worked through a very challenging situation...
"At this time, we do not believe any customer data was compromised. However, as a precaution, all users will be forced to create a new password when they log into the system."
Latitude added that while historical transaction data -- including contracts, nominations, scheduling and allocations -- posted by last Thursday morning were now available in their customers' system, other files, including historical invoices, were not.
"We are investigating the re-establishment of this data," Latitude said. "You may wish to re-upload missing information to your info postings site. We sincerely apologize for the inconvenience this outage may have created for you, your staffs and your customers, and we remain grateful for your patience as we have worked to remedy it."
Cathy Landry, spokeswoman for the Interstate Natural Gas Association of America, said that while she couldn't comment on any specific company's outage, there was an important distinction to make over what systems have been targeted so far.
"As we understand it, these attacks were on information systems," Landry said. "It looks like electronic bulletin boards and automated nomination systems were impacted. It's important to recognize that this does not appear to be an attack on an operational system, aka a SCADA or control system.
"An attack on a network certainly is inconvenient and can be costly, and something any company -- whether a retailer, a bank, a media company or pipeline -- wants to avoid, but there is no threat as such to public safety or to natural gas deliveries."
ETP issued a critical notice on Monday afternoon that its EDI system had experienced an outage. A second notice issued less than five hours later said the system was back online. Officials with Kinder Morgan Inc. and Tallgrass Energy Partners LP confirmed that they also use EDI, but their systems were not affected.
Last month, the Trump administration accused Russian government operatives of targeting the U.S. energy sector, government agencies and other critical infrastructure sectors with a series of cyberattacks for at least the last two years. The accusation followed an investigation by the Department of Homeland Security and the Federal Bureau of Investigation.
In early March, the House Committee on Science, Space and Technology issued a report that found Russian agents were using social media to try and disrupt energy markets in the U.S.