The United States' natural gas pipelines have been the target of sophisticated "cyber intrusions" since December last year, and the government is working with affected companies to determine if their computer systems have been compromised, remove any infections and harden their networks against re-infection, the Department of Homeland Security has said in a statement.
The attacks were disclosed by the department's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in its "monthly monitor" newsletter for April, which described a co-ordinated and tightly focused "spear-phishing" campaign involving e-mails designed to look like internal company communications from trusted sources. ICS-CERT did not disclose whether any pipeline computer systems had been affected by the cyber attacks, but said it had been working since March with "multiple organisations to provide remote and onsite analytic assistance to confirm the compromise, extent of infection, and assist in removing it from networks".
Significance: "Spear-phishing" schemes are selective, generally targeting key individuals in companies or organisations by using e-mails purportedly from those individuals' bosses and including enough specific organisational information to appear authentic. Cyber experts say such schemes are more likely to come from hackers intent on getting specific business secrets or security information.
While it is not clear why gas pipelines would be targeted for cyber attacks, natural gas and electricity lines are increasingly being monitored and operated through interconnected wireless and electronic devices generally known as "supervisory control and data acquisition", or SCADA, systems, some of which are enabled by the internet.
The cyber attacks were disclosed by DHS at a politically sensitive time due to an ongoing partisan fight in Congress over cyber-security legislation. The Republican-controlled House passed legislation on 26 April that emphasises information-sharing and co-operation between the government and operators of key infrastructure to develop appropriate cyber-security measures.
President Barack Obama's administration favours legislation pending in the Democratic-controlled Senate, however, under which the government would set cyber-security standards to be met by the energy industry and other critical infrastructure sectors. Democrats say the cyber-security threat is too serious to let industry decide what expenditures are needed to protect systems critical to national defence. In the meantime, it remains unclear who the hackers are that are targeting US gas transportation infrastructure.
While no allegations of state-backed interruptions have been made so far, the US has threatened military intervention in the past, if a particular state would be found to support cyber-attacks in order to secure trade secrets and other sensitive information from US businesses. Electronic attacks are an example of an asymmetrical warfare techniques designed to offset the conventional superiority of one party to a conflict. Given that the US possesses easily the world's most powerful conventional military force, it is an obvious target for such tactics.
Copyright 2012 World Markets Research Limited. All Rights Reserved.