U.S. Sees Wave Of New Cyber Attacks On Energy Infrastructure
- April 12, 2018
- 157 views
In the past few weeks at least seven natural gas pipeline operators were the victims of hackers that targeted third-party communications system Latitude Technologies, causing service disruptions and breakdowns in electronic communications with customers–and that’s lucky. The hacks, while extremely concerning, did not disrupt the supply of gas to U.S. consumers, but the industry may not be so fortunate next time.
The post, U.S. Sees Wave Of New Cyber Attacks On Energy Infrastructure, was first published on OilPrice.com.
In addition to the attack on Latitude Technologies, four pipeline providers (Oneok, Boardwalk Pipeline Partners, Energy Transfer Partners and Eastern Shore Natural Gas) confirmed that they were also direct victims of cyber-attacks. This recent slew of pipeline hacks, while it was thankfully without severe consequences, serves as a wake-up call, bringing attention to the vulnerability of our energy systems and vital infrastructure like pipelines.
The vulnerability of vital national institutions like oil and gas pipeline infrastructure will only continue to grow as the energy industry becomes more and more automated and internet-dependent with each passing year. Not only are energy companies in possession of huge swaths of confidential information vulnerable to cyber-attacks like user profiles, energy strategies and business data, there could also be dire physical repercussions to a systems breach.
Infrastructure components like control valves, pressure monitors and other essential industry equipment are connected to wireless networks that we now know are far from unassailable. Cybersecurity experts and even the Congressional Research Service has warned that these hackers could potentially cause spills, fires, and service disruptions all from the comfort of their own home.
The natural gas pipeline owners affected by the breach were not required to report the incident to the U.S. Transportation Security Administration, the agency in charge of overseeing the operations of the more-than 2.6 million miles of oil and gas conduits in the United States. The seven incidents that we are aware of were made public via website notices aimed at customers or through journalistic reporting, which makes it believable that these seven companies are just some of a total number of pipelines attacked in the past weeks.
Now, legislators are questioning the current system of (non)response to such threats, and how the industry should be handling cybersecurity going forward, with the possibility of heavier regulation.
Perhaps not coincidentally, the revelation of the recent attacks on pipelines’ communication systems comes very soon after a March announcement from the U.S. government that Russian hackers had gained access to the national electric grid, and targeted attacks to infrastructure could be forthcoming.
Additionally, there have been hacks directed at oil and pipelines dating back to 2012, as recorded by the Congressional Research Service. Six years ago the Department of Homeland Security issued multiple warnings about an active Phishing campaign that has been targeting the natural gas industry. Thankfully, there has been some action since. This February Rick Perry, the Trump-appointed Energy Department Secretary, said that he would be directing $96 million to the creation of an office to address cyber threats within the energy industry, however this effort could prove to be too little, too late.
Just last year the massive German engineering company Siemens released a study that found that the oil and gas industry in the U.S. was woefully unprepared for a cyber-attack in operational technology environments. One in five respondents to their survey even confirmed that their organization had already experienced attacks by sophisticated malware including Duqu and Flame.
Also, very tellingly, sixty-nine percent of respondents in the study reported that they were worried about the risks associated with third-parties in the supply chain. With all of this information already studied, published, reported on, and widely available, we’re left to ask: what happened? Why was this not prevented? And, more importantly, how bad will the next attack be?