Cyberattack pings data systems of at least four gas networks
On Tuesday, Oneok Inc., which operates natural gas pipelines in the Permian basin in Texas and the Rocky Mountains region, said it disabled its system as a precaution after determining that a third-party provider was the “target of an apparent cyberattack."
A day earlier, Energy Transfer Partners LP, Boardwalk Pipeline Partners LP, and Chesapeake Utilities Corp.’s Eastern Shore Natural Gas reported communications breakdowns, with Eastern Shore saying its outage occurred on March 29. The Department of Homeland Security, which said Monday it was gathering information about the attacks, had no immediate comment Tuesday.
“We do not believe any customer data was compromised,” said the Latitude Technologies unit of Energy Services Group, which Energy Transfer and Eastern Shore both identified as their third-party provider. “We are investigating the re-establishment of this data,” Latitude said in a message to customers.
The company wasn’t ready to make a statement or discuss the details of the service disruption yet, Carla Roddy, marketing director at Energy Services Group, said in a brief interview at the company’s headquarters in Norwell, Massachusetts.
The attacks follow a U.S. government warning in March that Russian hackers are conducting an assault on the U.S. electric grid and other targets. Last month, Atlanta’s government was hobbled by a ransomware attack.
Computer to computer
The electronic systems help pipeline customers communicate their needs with operators, using a computer-to-computer exchange of documents. Energy Transfer said the electronic data interchange system provided by Latitude was back up and working Monday night. The business wasn’t otherwise affected, spokeswoman Vicki Granado said in an email.
Eastern Shore Natural Gas’s Latitude system was restored on Monday as well, the company said in a notice to customers. In addition to providing EDI services, Latitude also hosts websites used by about 50 pipelines for posting notices to customers. At least some of the websites went down on March 29 and didn’t start returning until Monday, according to Dan Spangler, pipeline manager for data provider Genscape Inc. in Boulder, Colorado.
“Although all of the sites are back up now, many of them are still missing” data for March 30 and April 1, he said. “Other than Energy Transfer pipes and the pipelines hosted by Latitude, we haven’t seen any issues with gas data.”
The shutdowns are “not operationally serious in the sense that it’s stopping the natural gas from moving, but it is serious because it’s causing these companies to use workarounds for communication,” said Rae McQuade, president of the North American Energy Standards Board in Houston, which is responsible for developing industry standards.
“If somebody is running a business that has some kind of critical asset to it -- pipelines, energy, finance -- those networks are going to be targets; those networks have been targets,” said John Harbaugh, chief operating officer at R9B, a Colorado Springs, Colo., cybersecurity solutions provider.
Many of the 3 million mi of pipelines that spread across America rely on third-party companies for their electronic communication systems, Andy Lee, senior partner at Jones Walker LLP in New Orleans, said by telephone Tuesday. In turn, they depend on those companies to provide security for those systems from attacks.
Latitude is “very well known in the industry,” the energy board’s McQuade said. “They have a lot of clients, they are very well respected.”
The systems are gaining attention from hackers because they’ve proven to be "low-hanging" fruit that creates an opportunity for ransomware or to sell the information on the dark web, Lee said.
Entry points
While the EDI systems may be entry points for hackers, they are likely not the ultimate target, said Jim Guinn, managing director and global cybersecurity leader for energy, utilities, chemicals and mining at Accenture Plc, a technology consulting company.
“There is absolutely nothing of intrinsic value for someone to infiltrate the EDI other than to navigate a network to do something more malicious," Guinn said by telephone Tuesday. "All bad actors are looking for a way to get into the museum to go steal the Van Gogh painting."
He also said there is nothing inherently different about oil and gas EDI systems.
This isn’t the first time U.S. pipelines have been targeted. In 2012, a federal cyber response team said in a note that it had identified a number of “cyber intrusions” targeting natural gas pipeline sector companies. The group, the Industrial Control Systems Cyber Emergency Response Team, is a division of Homeland Security.
“It’s important to recognize that this does not appear to be an attack on an operational system,” said Cathy Landry, a spokeswoman for the Interstate Natural Gas Association of America. “An attack on a network certainly is inconvenient and can be costly, and something any company – whether a retailer, a bank or a media company -- wants to avoid, but there is no threat to public safety or to natural gas deliveries.”
She said she “cannot speak for any of the companies specifically about what may or may not have happened to their systems.”