Telvent, a Canadian firm whose software systems and services are used to remotely manage more than half of the oil and gas pipelines in North America and Latin America, last Wednesday confirmed a security breach involving the project files of some of its customers.
To the best of its knowledge no operational disruptions on natural gas pipelines have been reported as a result, said the Interstate Natural Gas Association of America (INGAA), which oversees interstate gas pipelines in the United States. Telvent "notified its users of the attack immediately and has kept them informed step by step," INGAA said.
A spokesman from Schneider Electric, the French giant that owns Calgary-based Telvent, said the company has sent letters to all affected customers informing them of the breach. And "Telvent is actively working with law enforcement, security specialists and its affected customers to ensure the breach has been contained," Schneider Electric said.
Schneider Electric's confirmation of the breach came after security blogger Brian Krebs, a former blogger with The Washington Post, disclosed the security breach.
In the letters to its customers, Telvent said on Sept. 10 it learned of a breach of its internal firewall and security systems. Telvent said the attackers installed malicious software and stole project files related to one of its core offerings -- OASyS SCADA -- a product that helps energy firms mesh older IT assets with more advanced "smart grid" technologies.
Telvent for years has dominated the market for SCADA (supervisory control and data acquisition) systems for oil and gas pipelines, which allow energy companies to do things such as remotely open and close valves in oil and gas pipelines and monitor pipeline pressure and temperature. Telvent's SCADA systems are typically customized for each customer's requirements. And an attacker with access to information on a particular customer's implementation would be able to identify potential soft spots and attack them, according to Sunrise, FL-based Digital Bond.
OASyS SCADA is Telvent's flagship SCADA product. According to Digital Bond, there are at least three potentially serious consequences of the breach, including that hackers potentially used their presence on the Telvent network to: pivot and compromise the Telvent customer SCADA systems that were connected to the Telvent network; modify project files that were in the deployment phase; and download the customer project files for a future attack.
Telvent said it has disabled all data links between customers and affected portions of its networks as a precautionary move. The company has implemented new procedures for providing remote support to clients while it works on ridding its networks and systems of all malware.
From Telvent's description of the malware in its alert, the company appears to have been attacked by a notorious Chinese hacking group called the Common Group, according to Krebs. The group has been associated with cyber espionage activities against large energy companies and Fortune 500 firms for the past several years, the blogger said.
News of the Telvent breach came just days after Dell's SecureWorks Counter Threat Unit issued an alert warning of a sustained cyber espionage campaign directed at companies in the energy sector. And it followed on the heels of FERC Chairman Jon Wellinghoff's recent announcement of the creation of an office at the agency that will focus on cyber and physical security risks to energy facilities under its jurisdiction, such as interstate natural gas pipelines, gas storage and electric transmission facilities (see NGI, Sept. 24).
The new Office of Energy Infrastructure Security (OEIS) will aid the Commission in identifying potential risks to Federal Energy Regulatory Commission (FERC) jurisdictional facilities from cyber attacks and such physical threats as electromagnetic pulses, as well as in seeking solutions to the problem. OEIS, which will have a staff of 10-15, will be led by Joseph McClelland, who has been director of FERC's Office of Electric Reliability since 2006. How effective it will be in detecting or preventing security threats to energy infrastructure remains to be seen.
Last month, Wellinghoff expressed his exasperation with the lack of a federal system for reporting threats to energy infrastructure (see NGI, Sept. 10). "Nobody has adequate authority with respect to the both electric and gas infrastructure in this country regarding known threats and vulnerabilities," Wellinghoff said during a media breakfast at the National Press Club sponsored by IHS The Energy Daily. "If I had a cyber threat that was revealed to me in a letter tomorrow, there's little I could do the next day to ensure that that threat was mitigated effectively by some action by the utilities that were targeted," he said.
Intelligence Press Inc. All rights reserved. The preceding news report
may not be republished or redistributed, in whole or in part, in any
form, without prior written consent of Intelligence Press, Inc.