Homeland Security Watch

News and analysis of critical issues in homeland security

May 6, 2012

Cyber attack currently underway targeting natural gas industry

Filed under: Cybersecurity — by Philip J. Palin on May 6, 2012

Here’s something worth reading.  I am only displaying the first three paragraphs of a fairly indepth piece of reporting.

By Mark Clayton writing in the Christian Science Montior.

A major cyber attack is currently underway aimed squarely at computer networks belonging to US natural gas pipeline companies, according to alerts issued to the industry by the US Department of Homeland Security.

At least three confidential “amber” alerts – the second most sensitive next to “red” – were issued by DHS beginning March 29, all warning of a “gas pipeline sector cyber intrusion campaign” against multiple pipeline companies. But the wave of cyber attacks, which apparently began four months ago – and may also affect Canadian natural gas pipeline companies – is continuing.

That fact was reaffirmed late Friday in a public, albeit less detailed, “incident response” report from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), an arm of DHS based in Idaho Falls. It reiterated warnings in the earlier confidential alerts made directly to pipeline companies and some power companies.


During the House of Representatives so-called Cyber Week there was disagreement regarding the nature of the cyber threat.  Following is a recent Richard Clark quote differentiating an acute threat from a chronic threat:

People keep asking, well, do we have to have a cyber Pearl Harbor in order for people to do the right thing? Implicit in that question is sort of a hope that that will happen and then maybe we’ll fix everything. I don’t know that there ever will be a cyber Pearl Harbor. What I do know is that we’re suffering the death of a thousand cuts in the little Pearl Harbors that are happening every day, where cyberespionage and cybercrime are having a huge cumulative and negative effect. The theft of research and development information, the theft of intellectual property, the theft even of transactional data is giving huge economic advantage to our competitive opponents in other countries. If we all sit around waiting for the apocalypse to do something appropriate on cybersecurity, it may never happen and we may never solve the problem.

In the New York Time’s Friday piece on the National Preparedness Report, the reporter emphasized cyber vulnerabilities (not where my first read took me):

… it was the report’s findings about cybersecurity that appeared to be the most troubling, and they continued a drumbeat from the Obama administration about the need for Congress to pass legislation giving the Department of Homeland Security the authority to regulate computer security for the country’s infrastructure.

The report said that cybersecurity “was the single core capability where states had made the least amount of overall progress” and that only 42 percent of state and local officials believed that theirs was adequate.

I hope HLSWatch readers will take the time to read the NPR.  I would welcome your comments, concerns, or more here.   How should we read it?  What are the major take-aways?  What are the major questions raised?  What should we do with it? What can we do with it?  If there is a delta between should and can, what does that tell us?

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn


Comment by William R. Cumming

May 6, 2012 @ 3:49 pm

Canadian government announced these attacks publically when they first began occurring. Wonder if the DOT unit that regulates pipeline safety involved?

Comment by Donald Quixote

May 6, 2012 @ 10:28 pm

An interesting article regarding SCADA security from the trade:


Comment by William R. Cumming

May 6, 2012 @ 11:45 pm

Great article! Thanks Don Q!

Comment by William R. Cumming

May 7, 2012 @ 11:19 am

The NPR despite being labeled a FEMA report and FEMA was charged by statute in PKEMRA 2006 with its annual preparation by its own terms it was fully coordinated. One of its defects highlighted by this supplemental post is that FEMA IMO has no role informal or formal over cyber security issues which remained behind when certain functions of the Preparedness Directorate headed then by George Foresman were left behind when the “new” FEMA was formed. The annual preparedness report would have been a better contribution if it had used metrics rather than FEMA’s normal dodgy language of “substantial progress” or some related terminology and had specifically indicated what part of FEMA, DHS or other government components were responsible for upgrading preparedness in the USA.

Please tell me I am wrong? And document!

Pingback by Homeland Security Watch » The Cyber-Tootsie Roll Effect (Or Please Stop Calling Every Cyber Something An Attack)

May 28, 2012 @ 11:18 pm

[…] Taylor was describing his theory of response to attacks such as the recent targeting of the natural gas industry. Yet in seeing a tootsie roll, uh, I mean cyber attack originating in […]

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>