Four US pipeline companies have reported their electronic systems for communicating with customers were shut down over the past few days, with three confirming it resulted from a cyberattack.
On Tuesday, Oneok, which operates natural gas pipelines in the Permian Basin in Texas and the Rocky Mountains region, said it disabled its system as a precaution after determining that a third-party provider was the “target of an apparent cyberattack".
A day earlier, Energy Transfer Partners, Boardwalk Pipeline Partners and Chesapeake Utilities’ Eastern Shore Natural Gas reported breakdowns, with Eastern Shore saying its occurred on March 29. The Department of Homeland Security, which said Monday it was gathering information about the attacks, had no immediate comment on Tuesday.
“We do not believe any customer data was compromised,” said the Latitude Technologies unit of Energy Services Group, which Energy Transfer and Eastern Shore both identified as their third-party provider. “We are investigating the re-establishment of this data,” Latitude said in a message to customers.
The attacks follow a US government warning in March that Russian hackers are conducting an assault on the US electric grid and other targets. Last month, Atlanta’s government was hobbled by a ransomware attack.
The electronic systems help pipeline customers communicate their needs with operators, using a computer-to-computer exchange of documents. Energy Transfer said the electronic data interchange system provided by Latitude was back up and working by Monday night. The business was not otherwise affected, spokeswoman Vicki Granado said.
Eastern Shore Natural Gas's Latitude system was also restored on Monday, the company said in a notice to customers.
The shutdowns are “not operationally serious in the sense that it’s stopping the natural gas from moving, but it is serious because it’s causing these companies to use workarounds for communication,” said Rae McQuade, president of the North American Energy Standards Board in Houston, which is responsible for developing industry standards.
“If somebody is running a business that has some kind of critical asset to it – pipelines, energy, finance – those networks are going to be targets; those networks have been targets,” said John Harbaugh, chief operating officer at R9B, a Colorado Springs, Colorado, cybersecurity solutions provider.
Many of the 3 million miles of pipelines that spread across America rely on third-party companies for their electronic communication systems, Andy Lee, senior partner at Jones Walker in New Orleans, said on Tuesday. In turn, they depend on those companies to provide security for those systems from attacks.
Latitude is “very well known in the industry”, Mr McQuade said. “They have a lot of clients, they are very well respected.”
In addition to providing EDI services, Latitude also hosts websites used by about 50 pipelines for posting notices to customers – websites that went down on March 29 and did not start returning until Monday, said Dan Spangler, pipeline manager for data provider Genscape in Boulder, Colorado. “Although all of the sites are back up now, many of them are still missing” data for March 30 and April 1, he said.
“Other than Energy Transfer pipes and the pipelines hosted by Latitude, we haven’t seen any issues with gas data,” Mr Spangler said.
The systems are gaining attention from hackers because they have proven to be "low-hanging" fruit that creates an opportunity for ransomware or to sell the information on the dark web, Mr Lee said.
While the EDI systems may be entry points for hackers, they are not likely to be the ultimate target, said Jim Guinn, managing director and global cybersecurity leader for energy, utilities, chemicals and mining at Accenture, a technology consulting company.
"There is absolutely nothing of intrinsic value for someone to infiltrate the EDI other than to navigate a network to do something more malicious," Mr Guinn said. "All bad actors are looking for a way to get into the museum to go steal the Van Gogh painting."
He also said there is nothing inherently different about oil and gas EDI systems.
This is not the first time US pipelines have been targeted. In 2012, a federal cyber response team said that it had identified a number of "cyber-intrusions" targeting natural gas pipeline sector companies. The group, the Industrial Control Systems Cyber Emergency Response Team, is a division of Homeland Security.
“It’s important to recognise that this does not appear to be an attack on an operational system,” said Cathy Landry, a spokeswoman for the Interstate Natural Gas Association of America. “An attack on a network certainly is inconvenient and can be costly, and something any company –whether a retailer, a bank or a media company – wants to avoid, but there is no threat to public safety or to natural gas deliveries.”
She said she “cannot speak for any of the companies specifically about what may or may not have happened to their systems”.