natural gas pipeline

Natural Gas Pipeline Operator Shut Down Due To Ransomware Attack, DHS Reports

Through a “spearphishing link” sent to staff at the facility, hackers were able to deploy ransomware on the operational network, leading to a two-day shutdown.

A major U.S.-based natural gas compression facility was hit with a ransomware attack, causing the pipeline operator to shut down operations for two days, according to a new security advisory issued this week by the Department of Homeland Security.

The advisory, published by the Cybersecurity and Infrastructure Security Agency, said that a hacker was able to gain access to the facility’s operational (OT) network by using a “spearphishing link to obtain initial access to the organization’s information technology (IT) network.”

Hypothetically, IT and OT networks should not be connected, as OT networks are “workstations for managing critical factory equipment and other factory operations,” ZDNet reported. But in this case, the unnamed company did not have those security protections in place.

The attacker was able to deploy commodity ransomware to encrypt data on both the IT and OT networks at the same time before demanding a ransom payment, according to the advisory. The CISA report did not name the natural gas compression company, nor specify when the attack took place. Advisories are usually released as case studies for organizations facing similar threats, featuring tips from CISA on how other facilities can learn from the incident.

“At no time did the threat actor obtain the ability to control or manipulate operations,” the advisory notes. “Although the direct operational impact of the cyberattack was limited to one control facility, geographically distinct compression facilities also had to halt operations because of pipeline transmission dependencies.”

That dependency led to a shutdown for approximately two days. The victim facility’s emergency response plans were not focused on cybersecurity but rather on physical safety.

“The victim cited gaps in cybersecurity knowledge and the wide range of possible scenarios as reasons for failing to adequately incorporate cybersecurity into emergency response planning,” the advisory reads.

Operators are advised to ensure that their emergency response plans include cyber attacks and their varied consequences, including loss of control of their systems and loss of safety. Employees should be equipped with the knowledge and training they need to make quick decisions in the face of a ransomware attack.

While the victim facility in this case was able to obtain replacement equipment and facilitate the data recovery process through last-known-good configurations, other organizations should also consider having the ability to “fail over to alternate control systems,” according to CISA. Manual operation should be possible in the case of a cyber attack, the agency said.

Ransomware attacks hit at least over 200,000 organizations last year, and the average ransom demanded rose dramatically at the end of 2019, according to data obtained by The New York Times. Many organizations and companies do not report the attacks to the FBI or law enforcement agencies, making it more difficult to track the rapid increase in ransomware attacks.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Security Today Launches 2023 Government Security Awards

    Security Today Launches 2023 Government Security Awards

    Security Today is proud to announce the launch of the 2023 Government Security Awards. The Govies honor outstanding government security products in a variety of categories. For this year’s awards program, participants can choose from 38 different categories to enter their product(s) into. Read Now

  • Back to the Basics

    Back to the Basics

    Security is a continuous evolution of practices and procedures. The developments in technology and advancements in threats make security difficult at times. Although security from one location may look different from another location, there is a common goal applied to security measures. The common goal is protection. Read Now

  • The Top Three Security Trends in 2023

    The Top Three Security Trends in 2023

    As security technology has become more widely used, the interest in new capabilities and increased security measures has increased. As we head into 2023, these three trends will shape the security landscape. Read Now

  • TSA Breaks Record Nationally and in Washington for Firearm Discoveries in 2022

    TSA Breaks Record Nationally and in Washington for Firearm Discoveries in 2022

    Transportation Security Administration (TSA) officers in Washington detected 164 firearms in travelers’ carry-on luggage in 2022, with the majority of the firearms discovered at Seattle-Tacoma International Airport’s (SEA) security checkpoints. Read Now

Featured Cybersecurity

New Products

  • PaxLock Pro - Mortise

    PaxLock Pro - Mortise

    Paxton Access Inc. has launched the latest addition to their line of wireless access control solutions, the PaxLock Pro - Mortise, a smart lockset designed for quick and easy installation to conveniently secure external facing doors. 3

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3

  • Dahua 2-Wire IP Video Intercom System

    Dahua 2-Wire IP Video Intercom System

    Dahua Technology is introducing a new line of expandable 2-wire IP video intercom solutions for the North America market. The New 2-wire IP video intercom is more advanced, cost effective, and designed to help businesses increase their security. 3