WASHINGTON — A series of cyber attacks has been targeting US natural gas pipeline operators, officials acknowledged Tuesday, raising concerns among security experts about vulnerabilities in key infrastructure.
The Department of Homeland Security “has been working since March 2012 with critical infrastructure owners and operators in the oil and natural gas sector to address a series of cyber intrusions targeting natural gas pipeline companies,” DHS spokesman Peter Boogaard said in an email to AFP.
He said the attack “involves sophisticated spear-phishing activities targeting personnel within the private companies” and added that the FBI and other federal agencies are assisting in the probe.
Spear-phishing is a technique used to target a specific company or organization by sending fake emails designed to get employees to divulge passwords or other security information.
DHS confirmed a report in the Christian Science Monitor, which first reported confidential alerts had been made to US energy firms.
A public alert released by an arm of DHS said the activity may date back to December 2011.
The alert from Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), an arm of DHS, said the e-mails “have been convincingly crafted to appear as though they were sent from a trusted member internal to the organization.”
Interstate Natural Gas Association of America spokeswoman Cathy Landry told AFP that its member firms had been in contact with investigators.
“We have received some bulletins,” she said.
“We know the nature of the threat but we don’t know the intent of the threat… we have been getting the word out to everyone in the industry, we want to make sure everyone knows this threat is out there.”
Joe Weiss, managing partner for the security firm Applied Control Solutions, said the latest attacks highlight the vulnerability of so-called critical infrastructure systems.
He said control systems vulnerabilities can be found in the electrical grid, water utilities and others as well as pipeline operators.
“Once you get to those systems, really bad things happen,” he said. “That’s where people die.”
But tracking the attacks can be difficult because of a lack of forensics, Weiss said.
“You have your usual list of suspects, nation-states like Iran, radical Muslims, a bunch of radical organizations in the states who don’t like anyone they feel is not environmentally friendly,” he told AFP
“But you also now have cyber exploit code on the Web for free that any number of people can get to.”
Weiss said the motivation was unclear, because the attackers may be unhappy with the companies, may be targeting the infrastructure or may simply be hacking to show it can be done.
He maintained that security is often looser in the field operations than in corporate websites, because most firms do not expect those operations to be accessed by outsiders.
“We don’t know if (the target) is the pipelines themselves or the pipeline companies,” he said.
Kapil Raina of the security firm Zscaler said the biggest fear “would be a coordinated attack on several facilities that would trigger automatic responses at other facilities, potentially causing a chained effect — similar to an electrical blackout but with more severe consequences.”
Because natural gas prices are low, he said, “the attack could have other affects including driving up the price of natural gas dramatically and creating financial market turmoil.”
The news of the attacks comes with the US experiencing a natural gas boom thanks to expanded use of hydraulic fracturing or “fracking” which can unlock shale gas from deposits that had previously been inaccessible.
Brian Contos of the online security firm McAfee, said these types of attacks are increasingly common and that companies are responding with tighter controls.
“What we thought kept us secure the last 20 years won’t keep us secure the next. As the enemy matures and adapts so must we,” Contos said.
Trump took out DNI head Dan Coats to install a new acting director in charge of whistleblowers: CIA veteran
Appearing on MSNBC's "AM Joy," a longtime veteran CIA official said the whistleblower, who ran to the inspector general with a complaint about Donald Trump asking Ukraine's president for dirt on Joe Biden, should expect the president and his aides to come after them.
Speaking with host Joy Reid, Jonna Mendez said she saw the first warnings signs that something was up in the U.S. intelligence community when the president forced DNI head Dan Coats and his top deputy out.
"Through the lens of someone who spent 27 years at the CIA, the thing that caught my eye instantly was Dan Coats' resignation follow by Sue Gordon," Mendez explained. "The fact that Dan Coats went into a meeting and said 'Sue, you've got to resign' and that she did, truncating a career that clearly hadn't reached its zenith."
GOP’s cancellation of presidential primaries could blow up in Trump’s face — here’s why
In recent weeks, Republican state party committees have been moving to cancel presidential primaries to prevent Never-Trump conservatives, like former Reps. Joe Walsh (R-IL) and Mark Sanford (R-SC) and former Gov. Bill Weld (R-MA), from challenging the president from the right. So far, Republicans in Arizona, Kansas, Nevada, and South Carolina have all announced they will scrap the voting process for 2020.
Mike Pence should be investigated for his part in Ukraine negotiations and ‘we need some answers’: Ex-prosecutor
On MSNBC's "AM Joy" Saturday, former federal prosecutor Joyce Vance agreed with host Joy Reid that Vice President Mike Pence could be involved in the Ukraine whistleblower cover-up — and that Congress needs to act to learn the truth for the American people.
"Let me go to you on this very quickly, Joyce, because here's the question for Mike Pence," said Reid. "Mike Pence has been sort of severed from all of the other questions that are relating to potential impeachment for Donald Trump, that the House is wrestling with right now, but if Pence ... went in knowing why the aid was being held up, went in and spoke to the leader of Ukraine knowing what stick the administration had over them, and in that way was drawn in to this idea of using that stick to try to get what they wanted from Ukraine, does he then face the jeopardy of perhaps also being drawn into the questions of impeachment?"