The Biden administration on Tuesday disclosed previously secret details about the breadth of state-sponsored cyberattacks on American oil and gas pipelines over the past decade, as part of a warning to pipeline owners to tighten the security of their systems and ward off future attacks.
From 2011 to 2013, China-backed hackers targeted, and in many cases breached, nearly two dozen companies that own such pipelines, the F.B.I. and the Department of Homeland Security revealed in a warning on Tuesday. For the first time, authorities said they believed the “intrusions were likely intended to gain strategic access” to the industrial control networks that operate the pipelines “for future operations, not for intellectual property theft.” In other words, the hackers were preparing to take control of the pipelines rather than merely stealing the technology that made them work.
Of 23 natural gas pipeline operators targeted with a form of email scam called spear phishing, authorities said 13 were successfully compromised while three were “near misses”. The extent of the penetration into the remaining seven operators was not known due to a lack of data.
The revelations come as the federal government tries to mobilize the pipeline industry after a Russia-based ransomware group forced the shutdown of a pipeline network that supplies nearly half of the gasoline, kerosene and diesel that flows up the East Coast. That attack on the Colonial Pipeline – which targeted the company’s business systems, not the operations of the pipeline itself – led the company to halt shipments because it did not know what the attackers might be able to do next. Long gasoline lines and shortages followed, underscoring the urgency of President Biden’s efforts to protect the United States’ pipelines and critical infrastructure from cyberattacks.
The released report on China’s activities accompanied a security directive that obliges owners and operators of pipelines classified as critical by the Transportation Security Administration to take specific measures to protect against ransomware and other attacks and to draw up a contingency and recovery plan. The exact steps have not been made public, but officials said they tried to address some of the major shortcomings identified in the review of the Colonial Pipeline attack. (The privately owned company has said little about the vulnerabilities in its systems that the hackers exploited.)
The directive follows another in May that requires companies to report significant cyberattacks to the government. But that requirement did not lock down the systems themselves.
The recently released report recalled that state-backed hackers targeted oil and gas pipelines long before cybercriminals found new ways to hold their operators hostage and extort ransoms. Ransomware is a form of malware that encrypts data until the victim pays. The attack on the Colonial Pipeline led the company to pay approximately $4 million in cryptocurrency, some of which the F.B.I. seized after the criminals left part of the money visible in cryptocurrency wallets. But, as one law enforcement official said, it was a “blissful break”. Another ransomware attack several weeks later cost JBS, a beef processor, $11 million; none of that money has been recovered.
The released report recalled that nearly 10 years ago the Department of Homeland Security had begun responding to intrusions into oil pipeline and electricity operators at an “alarming rate”. Officials successfully traced some of these attacks back to China, but in 2012 the motivation was not clear: were the hackers trolling for trade secrets? Or were they positioning themselves for a future attack?
“We’re still trying to find out,” a senior American intelligence official told the New York Times in 2013. “You could have done either.”
However, Tuesday’s warning said the goal was to “compromise the US pipeline infrastructure.”
“This activity should ultimately help China develop cyberattack capabilities against US pipelines to physically damage pipelines or disrupt pipeline operations,” the warning said.
The alert was prompted by renewed concern about the cyber defenses of critical infrastructure, brought to the fore by the attack on the Colonial Pipeline. That breach triggered an alert at the White House and the Department of Energy, which found the country could have afforded only three days of downtime before local transport and chemical refineries came to a standstill.
Mandiant, a division of the security firm FireEye, said the advisory was consistent with the China-backed intrusions it tracked at several natural gas pipeline companies and other critical operators from 2011 to 2013. Mandiant believed that in one case, Chinese hackers had gained access to the control systems, which could have enabled them to shut down a pipeline or possibly set off an explosion.
While the advisory did not name the victims of the pipeline intrusions, Telvent, which monitored more than half of the oil and gas pipelines in North America, was one of the companies infiltrated by Chinese hackers during the same period. It discovered the hackers in its computer systems in September 2012, only after they had been there for months. The company cut off its remote access to its customers’ systems because it feared that access could be used to shut down American infrastructure.
The Chinese government denied that it was behind the Telvent breach. Congress did not adopt cybersecurity laws that would have increased the security of pipelines and other critical infrastructure. And the country seemed to move on.
Almost a decade later, the Biden administration says the threat of hacking of America’s oil and gas pipelines has never been greater. “The lives and livelihoods of the American people depend on our collective ability to protect our country’s critical infrastructure from evolving threats,” Homeland Security Secretary Alejandro N. Mayorkas said in a statement Tuesday.
The May directive set a 30-day period to “identify all loopholes and related remedial measures to address cyber risks” and to submit them to the T.S.A. and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
Shortly after taking office, Mr. Biden promised that improving cybersecurity would be a top priority. This month, he met with top advisers to discuss options for responding to a wave of Russian ransomware attacks on American companies, including an attack over the July 4th weekend on a Florida company that provides software to firms that manage technology for smaller businesses.
And on Monday, the White House announced that the Chinese Ministry of State Security, which oversees the country’s intelligence service, was behind an unusually aggressive and sophisticated attack in March on tens of thousands of victims who relied on Microsoft Exchange mail servers.
Separately, the Justice Department on Monday unsealed charges against four Chinese citizens for coordinating the hacking of trade secrets from companies in the aerospace, defense, biopharmaceutical and other industries.
According to the charges, China’s hackers operate from bogus companies, some on Hainan Island, and tap into Chinese universities not only to recruit hackers for the government but also to manage routine business operations such as payroll. This decentralized structure, American officials and security experts say, is intended to give the Chinese Ministry of State Security plausible deniability.
The charges also revealed that China’s government-backed hackers ran their own for-profit ventures and carried out ransomware attacks that extorted millions of dollars from companies.
Eileen Sullivan contributed reporting.