The U.S. government is moving quickly to respond to an ongoing series of cyber attacks on companies in the natural gas pipeline sector, according to the Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, at the Department of Homeland Security.
In a daily report released Tuesday, DHS reported that the coordinated cyber intrusions targeting natural gas companies began in December last year and have continued for the past five months. "Analysis of the malware and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign," ICS-CERT noted earlier this month.
These cyber attacks are being launched through the use of so-called spear-phishing attempts, which specifically target individuals within a company or organization. Phishing attacks generally involve e-mail spoofing or instant messaging activities that direct users to a fake online destination masquerading as a legitimate Web site, where the victims are asked to submit additional data.
With respect to the ongoing attacks on private natural gas companies, ICS-CERT noted that the number of persons targeted appears to be tightly focused. "In addition, the e-mails have been convincingly crafted to appear as though they were sent from a trusted member internal to the organization," ICS-CERT explained in a statement.
A Coordinated Response
ICS-CERT has asked all private companies operating natural gas facilities to submit the requisite data for identifying the scope of the infection as well as for developing a plan for mitigating the damage and eradicating the threat from the infected networks. According to the U.S. industry publication Natural Gas Intelligence, Obama administration officials and Senate staff met Monday to discuss the ongoing threat to the nation's energy production infrastructure.
"DHS is coordinating with the FBI and appropriate federal agencies, and ICS-CERT is working with affected organizations to prepare mitigation plans customized to their current network and security configurations to detect, mitigate and prevent such threats," DHS spokesman Peter Boogaard said, according to Natural Gas Intelligence.
ICS-CERT has already held a series of briefings with oil and natural gas pipeline companies across the nation. The bottom line is that the entire U.S. natural gas sector has been notified that allowing these intrusion activities to persist within their networks is not an option.
The big question, however, is how businesses located near a natural gas facility might potentially be impacted by a successful cyber intrusion at the plant. The DHS did not immediately respond to our request for further information, but Natural Gas Intelligence spokesperson Alex Steis noted that the Federal Energy Regulatory Commission has already "conducted a number of studies on the potential of a cyber attack on U.S. pipelines." (continued...)