According to stories on MSNBC, CNN, and other major outlets, “A major cyber attack is currently under way aimed squarely at computer networks belonging to US natural gas pipeline companies, according to alerts issued to the industry by the US Department of Homeland Security.” On March 29th, 2012 the US Department of Homeland Security issued 3 confidential Amber Alerts warning that the US was facing a: “gas pipeline sector cyber intrusion campaign” against multiple pipeline companies. The attacks, which began 4 months ago, are ongoing today. The Industrial Control Systems Cyber Emergency Response Team (ICS CERT), which is responsible for helping secure the nation’s industrial control systems said: “ICS-CERT has recently identified an active series of cyber intrusions targeting natural gas pipeline sector companies,” the confidential April 13 alert warns. “Multiple natural gas pipeline organizations have reported either attempts or intrusions related to this campaign. The campaign appears to have started in late December 2011 and is active today.” ICS-CERT further states: “analysis of the malware and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign from a single source.” It goes on to broadly describe a sophisticated “spear-phishing” campaign – an approach in which cyber attackers attempt to establish digital beachheads within corporate networks.
“There’s not enough information available yet to tell exactly what is the target or goal here,” says Jonathan Pollet, founder of Red Tiger Security, who specializes in industrial control system security and who has worked extensively in the oil and gas industry. “But it’s a concern because if they access the corporate network it’s often just a short step to the next level and right into their control system network.”
The US has 200,000 miles of gas pipelines which support about 25% of the US’ energy needs.