A recent cyberattack on a data processing system used by many US pipelines could be a prelude to more severe disruptions, cybersecurity experts said.
At least four companies that own interstate natural gas pipelines advised customers to temporarily switch to other systems because of the 29 March attack on Latitude Technologies' EDI system—a third-party service used for pipeline scheduling and nominations.
The cyberattack did not disrupt physical pipeline operations but the hackers may have been seeking sensitive information such as account numbers, transaction details, and email addresses from gas producers and their utility customers, said Phil Neray, vice president of industrial cybersecurity at Boston-based critical infrastructure cybersecurity firm CyberX. That information could be used for destructive purposes, such as ransomware attacks that would hold pipelines hostage for millions of dollars per day.
That information could also be used to "spoof" transactions, creating false purchases that cause delays in shipments, leading to possible natural gas shortages in certain regions. For example, a slowdown in natural gas flows to power plants during peak summer demand hours could lead to outages that create health and safety concerns, Neray said.
Or, it could be used to access systems to physically control pipeline equipment. A report by iDefense, the cyberthreat intelligence division of Accenture, said a hacker group may be trying to gain access to organizations' industrial control systems in the the energy, nuclear, and manufacturing industries.
That could be achieved seeking email addresses of key pipeline operations personnel that can later be used in "phishing" attacks—where a digital intruder maquerades as a trustworthy source in an attempt to get sensitive information such as user names, passwords, or other data.
Read the full story here.
Don't miss our latest HSE content, delivered to your inbox twice monthly. Sign up for the HSE Now newsletter. If you are not logged in, you will receive a confirmation email that you will need to click on to confirm you want to receive the newsletter.
29 Jan 2020 22:30 GMT
- Live, then On Demand
19 - 20 Feb 2020
- Lafayette, Louisiana, USA
Covering issues related to the identification, prevention, and remediation of formation damage
9 - 11 Mar 2020
- Muscat, Oman
Shaping the Future of the Energy Industry.
17 Mar 2020
- Calgary, Alberta, Canada
In this course, discover the field applications of machine learning with a focus on reservoir characterization, production analysis and prediction, and recovery enhancement.
22 Apr 2020
- Bergen, Norway
The SPE Norway Subsurface Conference brings together the E&P industry to expand industry technical knowledge, connect with innovators and leaders and address technical challenges facing upstream oil and gas professionals.
29 - 30 Apr 2020
- Brisbane, Australia
We are in the throes of an energy transition - our energy system is evolving rapidly and diversifying, decarbonising and decentralising.
HSE Now is a source for news and technical information affecting the health, safety, security, environment, and social responsibility discipline of the upstream oil and gas industry.
©2003-2020 Society of Petroleum Engineers, All Rights Reserved.