• Subscribe to our feed
  • Like us on Facebook
  • Follow us on Twitter
  • Join Us on LinkedIn

Cyber attacks hit gas pipelines

by Christine Meyers on May 9, 2012

Technorarti Verification code: 4T9PS7PC3FNV
Recent reports of sophisticated phishing attacks against natural gas pipeline operators in the United States are highly disturbing. There are approximately 200,000 miles of interstate natural gas pipelines, which supply 25% of the nation’s energy and all of these are potentially at risk. The US Department of Homeland Security has recently disclosed that they have been helping US firms with incidents since March 2012. Commenting on the incidents DHS spokesman Peter Boogaard told CNET on Tuesday, “DHS’s Industrial Control Systems Cyber Emergency Response Team has been working since March 2012 with critical infrastructure owners and operators in the oil and natural gas sector to address a series of cyber intrusions targeting natural gas pipeline companies.”

Boogaard continued to share high-level details regarding the events stating, “The cyber intrusion involves sophisticated spear-phishing activities targeting personnel within the private companies. DHS is coordinating with the FBI and appropriate federal agencies, and ICS-CERT is working with affected organizations to prepare mitigation plans customized to their current network and security configurations to detect, mitigate and prevent such threats.” This active series of cyber intrusions targeting natural gas pipeline sector companies appears to have started in late December 2011 and remains active today.

While the origins of these attacks remain unknown and no negative consequences of the breaches have been disclosed to date, this alarming result raises the importance of continuous monitoring and alerting on changes within the enterprise environment. The specter of malicious activity is real, the potential for damage is high and the ability for an attacker or motivated insider to do damage to critical infrastructure is a risk that should be actively guarded against.

Organizations, governments, utilities and critical business sectors alike should seek out ways to monitor their vital systems from within, alert on change and move immediately to put continuous monitoring systems in place. By following strong security practices, base lining the current environment, and using predictive analytics to identify areas of vulnerability and change, we can all reduce risk across the organization.

These tools exist today. The time to deploy them is now.