A recent cyberattack on a data processing system used by many US pipelines could be a prelude to more severe disruptions, cybersecurity experts said.
At least four companies that own interstate natural gas pipelines advised customers to temporarily switch to other systems because of the 29 March attack on Latitude Technologies' EDI system—a third-party service used for pipeline scheduling and nominations.
The cyberattack did not disrupt physical pipeline operations but the hackers may have been seeking sensitive information such as account numbers, transaction details, and email addresses from gas producers and their utility customers, said Phil Neray, vice president of industrial cybersecurity at Boston-based critical infrastructure cybersecurity firm CyberX. That information could be used for destructive purposes, such as ransomware attacks that would hold pipelines hostage for millions of dollars per day.
That information could also be used to "spoof" transactions, creating false purchases that cause delays in shipments, leading to possible natural gas shortages in certain regions. For example, a slowdown in natural gas flows to power plants during peak summer demand hours could lead to outages that create health and safety concerns, Neray said.
Or, it could be used to access systems to physically control pipeline equipment. A report by iDefense, the cyberthreat intelligence division of Accenture, said a hacker group may be trying to gain access to organizations' industrial control systems in the the energy, nuclear, and manufacturing industries.
That could be achieved seeking email addresses of key pipeline operations personnel that can later be used in "phishing" attacks—where a digital intruder maquerades as a trustworthy source in an attempt to get sensitive information such as user names, passwords, or other data.