The Biden administration on Tuesday revealed previously classified details of the wide range of state-sponsored cyberattacks on US oil and gas pipelines over the past decade, as part of a warning to pipeline owners to increase the security of their systems to prevent future attacks.
Between 2011 and 2013, Chinese-backed hackers targeted and in many cases compromised nearly two dozen companies that owned such pipelines, the FBI and the Department of Homeland Security revealed in a warning on Tuesday.
Of the 23 natural gas pipeline operators that were hit by a form of email scam known as phishing, the agencies say 13 were successfully compromised, while three “nearly leave out”. The extent of penetration into the remaining seven operators is not known because of a lack of data.
These revelations add to the urgency of protecting US pipelines and critical infrastructure from cyberattacks. For years, state-backed hackers and more recently cybercriminals have targeted oil and gas pipelines, taking their operators hostage with ransomware, a form of malware that encrypts data until the victim pays. The ransomware attack on Colonial Pipeline, the operator of one of the country’s largest pipelines, in May was a wake-up call, but officials say it was just the most visible consequence of digital threats that have consumed critical infrastructure for a decade.
Nearly 10 years ago, the Department of Homeland Security said it had begun responding to “alarming” intrusions into oil pipeline and electric power operators. Officials successfully traced part of those attacks to China, but in 2012 the motives were unclear: Were the hackers stealing industry secrets? Or were they positioning themselves for a future attack?
“We’re still trying to figure that out,” a senior US intelligence official told The New York Times in 2013. “They could have done both.”
But Tuesday’s warning affirms that the goal is “to keep America’s pipeline infrastructure at risk.”
“This operation is ultimately intended to help China develop a cyberattack capability against U.S. pipelines to damage pipelines or disrupt pipeline operations,” the warning said.
The warning, fueled by new concerns about the cyber dangers to critical infrastructure, was preceded by an attack on Colonial Pipeline, whose pipelines transport refined gasoline and motor fuels from Texas up the East Coast to New York. That breach shut down nonstop flights and led to gas shortages, setting off alarms at the White House and the Department of Energy, which suggested the nation could withstand just three more days of downtime before chemical refineries and mass transport came to a halt.
Mandiant, a division of security firm FireEye, said the advisory is in line with the China-backed intrusions it has tracked against many natural gas pipeline companies and other key operators between 2011 and 2013. But the company added a disturbing detail, noting that it “strongly” believes that in one case, Chinese hackers gained access to the controls, which could have resulted in a pipeline shutdown or possibly an explosion.
While the directive did not name the victims of the pipeline breach, one of the companies infiltrated by Chinese hackers in that same time frame was Telvent, which oversees more than half of the oil and gas pipelines in North America. It discovered the hackers in its computer systems in September 2012, only after they had been loitering there for months. The company closed remote access to customers’ systems, fearing it would be used to shut down US infrastructure.
The Chinese government denies it was behind the Telvent breach. Congress failed to pass cybersecurity legislation that would strengthen the security of pipelines and other critical infrastructure. And the country seems to have moved on.
Nearly a decade later, the Biden administration says the threat of a hack into America’s oil and gas pipelines has never been greater. “The lives and livelihoods of the American people depend on our collective ability to protect our nation’s critical infrastructure from evolving threats,” Alejandro N. Mayorkas, the secretary of homeland security, said in a statement on Tuesday.
A security directive issued Tuesday requires owners and operators of pipelines deemed important by the Transportation Security Administration to take specific steps to protect against ransomware and other attacks, and to provide a backup and recovery plan.
The directive follows another in May that required companies to report significant cyberattacks to the government in a bid to shore up security after the breach on Colonial Pipeline, which forced it to shut down 5,500 miles of pipeline.
The May directive sets out a 30-day period to “identify any vulnerabilities and related remedial measures to address network-related risks” and report them to the TSA and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
Immediately after taking office, President Biden promised that improving cybersecurity would be a top priority. This month, he met with top advisers to discuss options for dealing with a wave of Russian ransomware attacks targeting US companies, including a July 4 attack on a company in Florida that specializes in providing software for businesses that manage technology for smaller companies.
And on Monday, the White House said China’s Ministry of State Security, the intelligence watchdog, was behind an unusually sophisticated and aggressive attack in March that targeted tens of thousands of victims running Microsoft Exchange mail servers.
Separately, the Justice Department made public the indictments of four Chinese nationals on Monday for coordinating the hacking of trade secrets from companies in the aviation, defense, biopharmaceutical and other industries.
According to the indictment, Chinese hackers operate from front companies, some on Hainan Island, and exploit Chinese universities not only to recruit hackers into the ranks of the government, but also to manage critical business operations, such as payroll. American officials and security experts argue that the decentralized structure gives China’s Ministry of State Security plausible deniability.
The indictments also reveal that China’s “government-linked” hackers were engaged in their own for-profit businesses, conducting ransomware attacks that extorted millions of dollars from leading companies.
Eileen Sullivan contributed reporting.