U.S. gas pipeline operators have been targeted in sophisticated phishing attacks since at least December, with the Department of Homeland Security helping firms deal with the incidents since March, the DHS and an industry expert said.
"DHS's Industrial Control Systems Cyber Emergency Response Team has been working since March 2012 with critical infrastructure owners and operators in the oil and natural gas sector to address a series of cyber intrusions targeting natural gas pipeline companies," DHS spokesman Peter Boogaard said in an e-mail sent to CNET today.
"The cyber intrusion involves sophisticated spear-phishing activities targeting personnel within the private companies. DHS is coordinating with the FBI and appropriate federal agencies, and ICS-CERT is working with affected organizations to prepare mitigation plans customized to their current network and security configurations to detect, mitigate and prevent such threats."
The agency has been meeting with companies in private about the matter and late last week issued the first public advisory, which was first reported on by The Christian Science Monitor. It's unclear who is behind the attacks and whether they have led to pilfering of data or other negative consequences. Boogaard did not respond to follow-up questions seeking more information.
"Most natural gas pipeline infrastructure in the U.S. is experiencing this type of attack," said Jesse Hurley, chairman of the critical infrastructure committee at the North American Energy Standards Board and CEO of Shift Systems, which operates the public key infrastructure for the wholesale electric grid in the U.S. "It's unprecedented. The DHS is saying leave the malware in place -- unless you think it's going to take down the network -- so we can see what it does. It's a critical issue for a lot of people. DHS is asking the entire industry to act as an intelligence source."
The concern is that if attackers can trick someone within a pipeline company into opening a malicious link or downloading malware, they can steal sensitive information or somehow manage to sneak malware onto systems for controlling gas compressors or bulk power switching. Such a scenario played out when the Stuxnet malware knocked Iran's Natanz nuclear plant offline several years ago. The malware was reportedly carried into the plant on a USB thumb drive by an Iranian double agent working for Israel.
The attacks on companies in the gas sector come amid debate over a bill in the Senate that would allow DHS to set security standards for critical infrastructure providers like gas companies. "This could be seen as a showcase for how DHS is intending to behave if and when they get their mandate if cybersecurity legislation is passed," Hurley said.
The attacks, coupled with a pipeline explosion in September 2010 in San Bruno, Calif., that killed eight people and destroyed about three dozen homes, are likely to lead officials to impose new security standards on the gas sector, according to Hurley. Investigations into the cause of the explosion found that there had been a defective weld on a gas transmission line and that a control system failed.
"There are no standards now" for the gas pipeline industry, Hurley said.