Ransomware cyberattack shuts down US gas facility
The Cybersecurity and Infrastructure Security Agency (CISA), a federal agency of the US government, has warned energy asset operators in the US to fully secure their networks after a hacker was able to gain access to the operating system at a natural gas compression facility.
20th February 2020 by Networks
The CISA describes how the cyberattack affected control and communication systems at the unnamed facility, after the hacker sent a “spearphishing” email containing a malicious link to gain initial access to the organisation’s IT system, and from there was able to attack the operational technology (OT) network.
A type of widely available “commodity” ransomware was then able to encrypt data on target systems, in order to interrupt availability to system and network resources.
This meant that specific assets on the OT network were disrupted, including human machine interfaces (HMIs), data historians, and polling servers.
These parts of the network were no longer able to read and aggregate real-time operational data, resulting in a partial loss of view for the operators.
However, the attack did not extend to any programmable logic controllers, and at no point did the asset owner lose control of operations.
The asset owner decided to implement a controlled shutdown of operations, which lasted approximately two days and resulted in a loss of productivity and revenue before normal operations resumed.
Andrea Carcano is co-founder and chief product officer at Nozomi Networks, a provider of Internet of Things and OT security solutions. Commenting on the news, he said: “This is yet another example of the significant rise in the number of cyberattacks to targeted critical infrastructures, and a reminder that the threats are real and need to be addressed.
“Hackers are learning new tactics and avenues to infiltrate industrial control systems (ICS) like this US natural gas compressor. This attack method accessed the IT network before moving into the OT network, validating the importance of integrating IT and OT systems.
“The potential consequences of not investing in industrial cybersecurity technologies could be numerous and severe. Destructive malwares are being developed and tested, and critical infrastructure operators need to be able to identify and mitigate anomalous behaviour in real-time.
“To protect and optimally maintain ICS cybersecurity, it is necessary to implement non-intrusive technologies that shift an organisation’s security posture to one that utilises intelligent threat detection.
“Overall, industrial organisations need to ensure critical infrastructure resilience so that risks from wherever and in whatever format can be identified and remediated immediately.”
The CISA is now encouraging asset owner operators across all critical infrastructure sectors to review the techniques used by the hacker and to apply corresponding mitigations.
CISA is a standalone federal agency, under Department of Homeland Security oversight.