As part of an alert to pipeline owners, the Biden administration released previously classified information on Tuesday regarding the extent of state-sponsored cyberattacks against American oil and gas pipelines over a decade.
From 2011 to 2013, Chinese-backed hackers targeted, and in many cases breached, nearly two dozen companies that own such pipelines, the F.B.I. and the Department of Homeland Security revealed in an alert on Tuesday. The agencies stated for the first time that they believed the intrusions were intended to gain strategic access to the industrial control networks that control the pipelines.
Out of 23 operators of natural gas pipelines that were subjected to a form of email fraud known as spear phishing, the agencies said that 13 were successfully compromised, while three were “near misses.” The extent of intrusions into seven operators was unknown because of an absence of data.
The disclosures come as the federal government tries to mobilize the pipeline industry after a ransomware organization based in Russia easily forced the shutdown of a pipeline network that supplies nearly half of the East Coast’s gasoline, jet fuel, and diesel. That attack on Colonial Pipeline — aimed at the company’s business systems, not the operations of the pipeline itself — led the company to shut off its shipments because it did not know what the attackers would be capable of next. President Biden stressed the importance of protecting the United States’ critical infrastructure and pipelines from cyberattacks.
A security directive required pipeline owners and operators to take steps to prevent ransomware attacks and put in place a recovery and contingency plan. The declassified release included a report on China’s activities. Officials said that they tried to correct some of the major deficiencies discovered during their review of the Colonial Pipeline attack. The company, which is privately owned, has not provided any details about the vulnerabilities found in its systems by hackers.
The directive follows another in May that required companies to report significant cyberattacks to the government. However, this did not help to secure the systems.
This newly declassified report is a reminder of how nation-backed hackers attacked oil and gas pipelines before cybercriminals invented new ways to hold their operators hostage for ransom. Ransomware is a type of malware that encrypts data and demands payment from the victim. Colonial Pipeline was the victim of a ransomware attack that led to it paying $4 million in cryptocurrency. Some of this money was seized back by the F.B.I. after the criminals left part of the money visible in cryptocurrency wallets. However, that was a “lucky catch,” according to one law enforcement official. Another ransomware attack was launched a few weeks later and extracted $11 million from JBS, a producer of beef products. None of the money was ever recovered.