The US Department of Homeland Security warns that an ongoing cyber campaign is targeting natural gas infrastructure across the country.
According to documents reviewed by the Christian Science Monitor, at least three confidential “amber” alerts were issued by DHS beginning March 29 – all detailing a “gas pipeline sector cyber intrusion campaign” against multiple pipeline companies.
“ICS-CERT identified an active series of cyber intrusions targeting natural gas pipeline sector companies,” read an official memo issued April 13.
“Multiple natural gas pipeline organizations have reported either attempts or intrusions related to this campaign. The campaign appears to have started in late December 2011 and is active today.”
ICS-CERT also confirmed that its analysis of malware associated with the digital infiltrations “positively identified this activity as related to a single campaign from a single source,” one that appears to be based on sophisticated “spear-phishing.”
Interestingly enough, the DHS has asked pipeline companies to refrain from taking action against “cyber spies,” as long as local operations aren’t endangered.
“In essence they were saying: ‘Do not put in any mitigation or blocks against these active intruders.’ But if you’re telling an investor-owned utility not to do anything, that’s pretty unheard of,” an unnamed source told the CSM.
“Step 1 is always block these guys and get them off the system. It’s pretty unusual in the commercial world to just let them collect data. Heaven forbid that the intruders gain control. It kind of looks like our intel guys were trying to get more information.”
Meanwhile, Jonathan Pollet, founder of Red Tiger Security, says there isn’t yet enough available information to determine who the cyber intruders are or what their goal is.
Nevertheless, warns Pollet, “it’s a concern because if they access the corporate network it’s often just a short step to the next level and right into their control system network.”