Not all the facts are in regarding the attack announced by the US natural gas pipeline operator Energy Transfer Partners (operator of over 71,000 miles of pipeline). But we do know that operations were affected by the attack and that the attack was against its back office systems in charge of orders, shipping, and billing. Operations continue, but were degraded. There is no attribution for the attack, but indications are that this was criminal rather than nation-state. That said, the US Government recently warned that Russian cyber operators are conducting operations in the networks associated with the energy sector. Although this most recent attack was against a back office system and there are no indications that it was used to attack ICS/SCADA/OT systems, it is a serious attack, since any system can be used as a jumping-off point for more dangerous attacks.
Our records show the most damaging cyber attack against a pipeline occurred in Turkey in 2008, when unknown attackers conducted a cyber attack that resulted in a very violent pipeline explosion. There is still no attribution, but Russia had the motive and technical skills required to mount this attack (see: Most Violent Cyber Attack Noted to date: 2008 Pipeline Explosion Caused By Remote Hacking).
Andrea Carcano, Co-Founder and CTO of Nozomi Networks (a leading provider of real-time industrial control security) provided the following context on this attack:
“The supply chain cyberattack that disrupted a chain of natural gas companies serves as yet another reminder that oil and gas organizations are high-risk targets. Attacks against them are growing, as evidenced by the recent Ponemon study that shows that sixty-eight percent of oil and gas organizations have experienced at least one cyber compromise. In this case, operations were not ultimately impacted and it's not immediately clear that they were the target – however, we know that attackers often use IT networks and third-party resources to gain entry to OT networks. That’s why organizations must ensure that IT and OT security efforts are effectively aligned to achieve the best possible protection.”
We would add that we all need more facts on what happened here so we can take away the right lessons. But in almost all cases, IT systems, including back office systems, can be configured using best practices and operated in ways that keep organized crime out. For a review of best practices relevant to most IT, see Crucial Point's collection of Cybersecurity Best Practices.