A major cyber attack is currently under way aimed squarely at computer networks belonging to US natural gas pipeline companies, according to alerts issued by the US Department of Homeland Security.
At least three confidential "amber" alerts – the second most sensitive next to "red" – were issued by DHS beginning March 29, all warning of a "gas pipeline sector cyber intrusion campaign" against multiple pipeline companies. But the wave of cyber attacks, which apparently began four months ago – and may also affect Canadian natural gas pipeline companies – is continuing.
Another report came from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), an arm of DHS based in Idaho Falls. It reiterated warnings in the earlier confidential alerts made directly to pipeline companies and some power companies.
The ICS-CERT is charged with helping secure the nation's industrial control systems – computerized systems that open and close valves, switches and factory processes vital to the chemical, industrial, and power sectors. Their "fly away" teams visit factories, power plants, and pipeline companies to investigate cyber intrusions.
Approximately 200,000 miles of interstate natural gas transmission pipelines in the US supply 25 percent of the nation's energy.
In its warning, ICS-CERT re-affirms that its "analysis of the malware and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign from a single source. It describes a sophisticated "spear-phishing" campaign – an approach in which cyber attackers attempt to establish digital beachheads within corporate networks.
Beyond indicating that multiple companies were targeted and some other systems compromised, neither the alerts nor the public notice indicate just how many companies have been infiltrated. The documents also do not indicate that any companies' pipeline operations – or their vital computerized industrial control systems that run pumps – have yet been affected.