Colonial Is Just the Latest Energy Asset Hit by Cyber-Attack
(Bloomberg) -- A cyber-attack has never taken down a U.S. fuel pipeline quite as big as the Colonial Pipeline. It’s the nation’s largest gasoline, diesel and jet fuel system and a critical source of fuel supply for the U.S. Northeast.
But this isn’t the first time hackers have hit energy assets in America and beyond in recent years, at times disrupting services and upending operations.
“The ransomware attack on the #ColonialPipeline in the U.S. shows the critical importance of cyber resilience in efforts to ensure secure energy supplies,” Fatih Birol, the head of the International Energy Agency, said in a tweet. “This is becoming ever more urgent as the role of digital technologies in our energy systems increases.”
Two-Day Gas Outage
In February 2020, the U.S. Department of Homeland Security issued an alert about a ransomware attack that brought down a U.S. natural gas compressor facility for two days.
The agency didn’t say which facility was targeted, when the attack occurred or who was behind it. But it did offer some details: Hackers sent emails with a malicious link, known as a phishing attack, to gain control of the facility’s information technology system.
It appeared likely that the attacker explored the facility’s network to “identify critical assets” before executing the ransomware attack, Nathan Brubaker, a senior manager at the cybersecurity firm FireEye Inc., said at the time. This tactic, which has become increasingly popular among hackers, makes it “possible for the attacker to disable security processes that would normally be enough to detect known ransomware indicators,” he said.
Pemex Systems Down
Mexico’s oil giant Petroleos Mexicanos reported a cyber-attack in November 2019 that crippled its computer systems. The company’s communication systems were affected for weeks afterwards.
For some employees, Internet access was limited, some computer files weren’t accessible and they had difficulty receiving external emails, people in Pemex’s finance, legal and refining departments said at the time. The hacker behind the attack tried to squeeze almost $5 million out of the company. Pemex at the time refused to pay the ransom.
Gas Communications Targeted
In April 2018, several U.S. natural gas pipeline operators including Energy Transfer Partners LP and TransCanada Corp. reported that a third-party electronic communications system had been hit with a cyber-attack. Five of the companies confirmed service disruptions from the hacking.
Though the cyber-attack didn’t disrupt the supply of gas to U.S. homes and businesses, it showed how even a minor attack can have ripple effects. The attack forced utilities to warn of widespread billing delays and made it difficult for analysts and traders to predict a key government report on gas stockpiles.
In December 2016, hackers took down almost a quarter of Ukraine’s power grid. Officials blamed Russians at the time for tampering with the utilities’ software and then jamming the power companies’ phone lines to keep customers from alerting anyone.
The hack knocked out at least 30 of the country’s 135 power substations for about six hours. Cybersecurity firms working to trace its origins say the attack occurred in two stages. First, hackers used malware to direct utilities’ industrial control computers to disconnect the substations. Then they inserted a wiper virus that made the computers inoperable.
In 2012, Saudi Arabia blamed unidentified people based outside the kingdom for a cyber-attack against state-owned Saudi Arabian Oil Co. that aimed to disrupt production from the world’s largest exporter of crude.
More than 30,000 computers were compromised or affected by a so-called “spear-phishing” attack, raising concerns about the threat hackers may pose to output at the company also known as Saudi Aramco. A spokesman for the Interior Ministry declined at the time to identify any of the “several foreign countries” from which the attack originated.
Energy companies, from electric utilities to power-grid operators to oil and gas pipeline operators, have warned that cyber-attacks are becoming more and more prevalent. The largest U.S. power grid operator, PJM Interconnection LLC, has warned regulators that it’s facing increasing attacks. Last May, the U.K.’s grid data system was hacked, although electricity supplies weren’t affected. And in March, an attack against Europe’s association of grid operators, ENTSO-E, affected its internal office systems.
Iran Nuclear Facility Hit
Iran said its largest uranium enrichment facility was a target of “nuclear terrorism” last month. A senior official said a blackout at the Natanz plant, home to thousands of gas centrifuges, was an attempt to thwart both Iran’s atomic progress and ongoing nuclear talks in Vienna.
In the past, Iran has largely blamed Israel for attacks on its nuclear infrastructure.
It was the second suspicious incident at Natanz in less than a year. Last July, an explosion and fire caused significant damage to an outbuilding that contained an assembly line for centrifuge machines, officials said at the time, blaming sabotage and foreign interference.
In 2010, Natanz was the target of a major cyber-attack using the Stuxnet computer virus.
©2021 Bloomberg L.P.