Cyberattack shuts down data systems of US pipeline firms
New York — At least four US pipeline groups had their electronic systems for communicating with customers shut down in the past few days, with three confirming it resulted from a cyberattack.
On Tuesday, Oneok, which operates natural gas pipelines in Texas and the Rocky Mountains region, said it disabled its data system as a precaution after determining that a third-party provider was the "target of an apparent cyberattack".
On Monday, Energy Transfer Partners, Boardwalk Pipeline Partners and Chesapeake Utilities Corporation’s Eastern Shore Natural Gas reported breakdowns, with Eastern Shore saying its closure occurred on March 29.
The homeland security department, which said on Monday it was gathering information about the attacks, had no immediate comment.
"We do not believe any customer data was compromised," said the Latitude Technologies unit of Energy Services Group, which Energy Transfer and Eastern Shore identified as their third-party provider.
The attacks follow a US government warning in March that Russian hackers were conducting an assault on the US electric grid and other targets. Atlanta’s government was hobbled by a ransomware attack in March.
The electronic systems help pipeline customers communicate their needs with operators, using a computer-to-computer exchange of documents. Energy Transfer said the electronic data interchange (EDI) system provided by Latitude was back up and working on Monday night. The business was not otherwise affected, spokeswoman Vicki Granado said.
Eastern Shore Natural Gas’s Latitude system was restored on Monday, the company said in a notice to customers. In addition to providing EDI services, Latitude also hosts websites used by about 50 pipelines for posting notices to customers.
At least some of the websites went down on March 29 and were not restored until Monday, said Dan Spangler, pipeline manager for data provider Genscape in Boulder, Colorado.
"Although all of the sites are back up now, many of them are still missing" data for March 30 and April 1, he said.
"Other than Energy Transfer pipes and the pipelines hosted by Latitude, we have not seen any issues with gas data."
The shutdowns are "not operationally serious in the sense that it’s stopping the natural gas from moving, but it is serious because it’s causing these companies to use work-arounds for communication," said Rae McQuade, president of the North American Energy Standards Board.
"If somebody is running a business that has some kind of critical asset to it — pipelines, energy, finance — those networks are going to be targets; those networks have been targets," said John Harbaugh, chief operating officer at R9B, a Colorado Springs, Colorado cyber security solutions provider.
Many of the 4.8-million kilometres of pipelines that spread across the US rely on third-party companies for their electronic communication systems, Andy Lee, senior partner at Jones Walker in New Orleans, said. In turn, they depend on those firms to provide security for those systems from attacks.
Latitude is "very well known in the industry", McQuade said. "They have a lot of clients, they are very well respected."
The systems are gaining attention from hackers because they have proven to be "low-hanging" fruit that creates an opportunity for ransomware or to sell the information on the dark web, Lee said.
While the EDI systems may be entry points for hackers, they are likely not the ultimate target, said Jim Guinn, MD and global cybersecurity leader for energy, utilities, chemicals and mining at Accenture, a technology consulting company.
"There is absolutely nothing of intrinsic value for someone to infiltrate the EDI other than to navigate a network to do something more malicious. All bad actors are looking for a way to get into the museum to go steal the Van Gogh painting."
Guinn said there was nothing inherently different about oil and gas EDI systems.
This is not the first time US pipelines have been targeted. In 2012, a federal cyber response team said it had identified a number of "cyber intrusions" targeting natural gas pipeline sector companies.
"It’s important to recognise that this does not appear to be an attack on an operational system," said Cathy Landry, a spokeswoman for the Interstate Natural Gas Association of America.