A domestic natural gas pipeline was recently forced to shut down operations for two days following a cyberattack that affected control and communication assets on the operational technology (OT) network of a compression facility, according to the Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency.
Cyber criminals used a spear-phishing link to download malware into the unnamed company's information technology (IT) network "before pivoting to its OT network," DHS said in an alert issued Tuesday. The malware was delivered via an email that contained links "accompanied by social engineering text and require[d] the user to actively click or copy and paste a URL into a browser," DHS said.
The cyber criminals then deployed commodity ransomware to encrypt data on both networks, thereby blocking the company's access to certain data.
"Specific assets experiencing a loss of availability on the OT network included human machine interfaces, data historians and polling servers," DHS said. "Impacted assets were no longer able to read and aggregate real-time operational data reported from low-level OT devices, resulting in a loss of view for human operators.
"The attack did not impact any programmable logic controllers and at no point did the victim lose control of operations. Although the victim's emergency response plan did not specifically consider cyberattacks, the decision was made to implement a deliberate and controlled shutdown of operations."
While the direct operational impact of the cyberattack was limited to one control facility, "geographically distinct compression facilities also had to halt operations because of pipeline transmission dependencies. This resulted in operational shutdown of the entire pipeline asset lasting approximately two days."
The pipeline was able to resume operations after obtaining replacement equipment and loading last-known-good configurations, DHS said.
The DHS alert included a lengthy list of recommended mitigation efforts for asset owners, including ensuring emergency response plans consider the full range of potential impacts posed by cyberattacks, and implementing robust segmentation between IT and OT networks.
During a hearing last year before the U.S. House Energy and Commerce Committee's energy subcommittee, members of the Federal Energy Regulatory Commission expressed concerns about the lack of mandatory cybersecurity standards for the U.S. gas pipeline system. A Government Accountability Office audit in December 2018 concluded that gas and oil pipeline security guidelines were not keeping pace with cybersecurity standards.