CNN Security Clearance

Cyber attack targets gas pipeline companies

by Suzanne Kelly

A series of natural gas pipeline sector companies are being targeted by a cyber attack that appears to have been launched in December, according to a notice from the Department of Homeland Security.

The threat was disclosed in a monthly note published by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a DHS division devoted to cybersecurity.

"DHS’s Industrial Control Systems Cyber Emergency Response Team has been working since March 2012 with critical infrastructure owners and operators in the oil and natural gas sector to address a series of cyber intrusions targeting natural gas pipeline companies," said DHS spokesman Peter Boogaard.

“The cyber intrusion involves sophisticated spear-phishing activities targeting personnel within the private companies," Boogaard said.

According to the ICS-CERT memo, "Analysis shows that the spear-phishing attempts have targeted a variety of personnel within these organizations; however, the number of persons targeted appears to be tightly focused. In addition, the emails have been convincingly crafted to appear as though they were sent from a trusted member internal to the organization."

Spear-phishing attacks are efforts to get employees to click on e-mail attachments.

Some attackers have become so sophisticated in their efforts that they research known employees on Internet social sites and then craft an e-mail that appears to come from someone who is known to the intended target.

Once the target clicks on the e-mail, malicious material can easily be uploaded, or systems monitored, often without the person ever knowing about it.

In this case, government investigators have been able to identify the nature of the attacks, but not necessarily the exact size or scope yet.

"DHS is coordinating with the FBI and appropriate federal agencies, and ICS-CERT is working with affected organizations to prepare mitigation plans customized to their current network and security configurations to detect, mitigate and prevent such threats," Boogaard said.

The cyber attack appears to have been reported by the private sector companies that would have had access to the information, namely, those under attack.

The self reporting of such attacks has been at the heart of cyber legislation debates on the Hill as lawmakers struggle to find more effective ways to convince private sector companies to not only report, but then to allow the government access to its databases so that it can better understand the source and intention of the attacker or attackers.

In this case, according to the memo, ICS-CERT has not only been able to analyze the data, but it has also gained a prime position from which to monitor the malicious activity - something that generally leads investigators back to not only the source of the attack, but can also allow them to glean clues about the intention and sophistication of the attacker.

Sometimes in cyberspace, it’s what you don’t know that creates the most anxiety. ICS-CERT hasn’t yet said whether it knows what the cyber attackers were hoping to do.