U.S. Gas Pipeline Attacked by a supply chain cyberattack • Penetration Testing

Four U.S. gas pipeline companies reported that their electronic systems used to communicate with customers were shut down in the past few days, and three of them confirmed that they were caused by cyber attacks. The four gas pipeline companies are Oneok Corporation, Energy Transfer Partners LP (ETP), Boardwalk Pipeline Partners LP (BPP for short) and Eastern Shore Natural Gas (ESNG) for Chesapeake Utilities Corp (CUC).

Oneok said on April 3 that when it was determined that a third-party provider had suffered a cyber attack, the company shut down the system for prevention. ETP, BPP, and ESNG reported on April 2 that the system had failed. ESNG stated that the attack occurred on March 29th. The US Department of Homeland Security (DHS) said on April 2 that it is collecting information.

The attacked electronic system exchanges file with computers to help pipeline customers communicate with operators. Latitude Technologies, the third provider of ETP and ESNG, said that they believe the customer’s data has not been compromised. Latitude Technologies is a division of Energy Services Group (ESG). Rae McQuade, chairman of the North American Energy Standards Committee, said that Latitude is well-known in the industry and has many customers and is respected. In addition to providing EDI services, Latitude also hosted sites for about 50 pipeline companies to publish notices to customers. The websites were closed on March 29 and did not begin to resume until April 2.

Dan Spangler, a pipeline manager at data provider Genscape, said that although these sites are now back to normal, many sites have lost data from March 30 to April 1.

ESG has not disclosed the details of the attack. ETP spokesperson Vicki Granado confirmed to the American media via email that this was an attack against a third-party service provider. The operation of ETP was not affected and there was no data theft. ETP resumed trading on the ESG platform on the evening of April 2 local time.

US media claimed that the US energy industry has been the target of high-skilled hackers for several years. The US Department of Homeland Security (DHS) warned in March this year that since March 2016, Russian government hackers have been conducting multi-stage hacking operations on the U.S. energy infrastructure.

DHS confirmed the incident and reported that it is collecting information. Scott McConnell, a spokesperson for the DHS National Protection and Projects Agency (NPPD), said DHS is paying attention to these reports and is currently collecting more information. To ensure that private-sector partners better share information with DHS and for cybersecurity considerations, DHS will not disclose information that the private sector shares with it.

According to Nick Bilogorskiy, Juniper Networks’ cybersecurity strategist, it is not yet possible to determine whether the behind-the-scenes hand of the attack is a Russian hacking organization Dragonfly that penetrated the US factory. The organization was allegedly accused of attacking U.S. defense and aviation companies, as well as the energy industry.

Rae McQuade said that the seriousness of the system being shut down is not that it prevents the transmission of natural gas, but that it affects the communications of these companies.

John Harbaugh, a chief operating officer of network security solutions provider R9B, said that if a company owns key assets such as pipelines, energy, or finance, these networks will become targets. In fact, these networks have always been the target of cyber attacks.

Andy Lee, a senior partner at Jones Walker, a US law firm, points out that many of the 3 million miles of pipeline companies in the United States rely on third-party companies’ electronic communications systems. Therefore, they also rely on these companies to provide security measures to prevent cyber attacks. Andy emphasized that such systems are increasingly attracting the attention of hackers. The reason is that these systems have been proved to be easily hacked, giving hackers an opportunity to blackmail or steal information on the “dark network”.

Jim Guinn, general manager of energy, utilities, chemistry and mining at Accenture PLC, said that while EDI systems may be an entry point for hackers, they may not be the ultimate goal.