Not all the facts are in regarding the attack announced by the US natural gas pipeline operator Energy Transfer Partners (operator of over 71,000 miles of pipeline). But we do know that operations were affected and that the attack was against the back office systems in charge of orders, shipping, and billing. Operations continued, but were degraded. There is no attribution for the attack, but indications are that it was criminal rather than nation-state. That said, the US Government recently warned that Russian cyber operators are conducting operations in networks associated with the energy sector. Although this most recent attack hit a back office system and there are no indications that it was used to attack ICS/SCADA/OT systems, it is still a serious attack, since any system can be used as a jumping-off point for more dangerous attacks.
Our records show the most damaging cyber attack against a pipeline occurred in Turkey in 2008, when unknown attackers conducted a cyber attack that resulted in a very violent pipeline explosion. There is still no attribution, but Russia had the motive and technical skills required to mount this attack (see: Most Violent Cyber Attack Noted to date: 2008 Pipeline Explosion Caused By Remote Hacking).
Andrea Carcano, Co-Founder and CTO of Nozomi Networks (a leading provider of real-time industrial control security) provided the following context on this attack:
“The supply chain cyberattack that disrupted a chain of natural gas companies serves as yet another reminder that oil and gas organizations are high-risk targets. Attacks against them are growing, as evidenced by the recent Ponemon study that shows that sixty-eight percent of oil and gas organizations have experienced at least one cyber compromise. In this case, operations were not ultimately impacted and it's not immediately clear that they were the target – however, we know that attackers often use IT networks and third-party resources to gain entry to OT networks. That’s why organizations must ensure that IT and OT security efforts are effectively aligned to achieve the best possible protection.”
We would add that we all need more facts on what happened here so we can take away the right lessons. But in almost all cases, IT systems, including back office systems, can be configured using best practices and operated in ways that keep organized crime out. For a review of best practices relevant to most IT, see Crucial Point's collection of Cybersecurity Best Practices.