Cyber Attack on third party electronic communications

At least seven U.S natural gas pipeline operators form Energy Transfer Partners to TransCanada have posted a notice on their website to their customers April 9, stating their third-party electronic communications systems were shutdown. Five confirming the service disruption were caused by hacking.

Currently the regulation doesn’t require the companies to alert the U.S Transportation Security Administration Agency. (TSA)

The cyber attack didn’t interrupt the supply of gas to U.S home and business. It is emphasizing that energy companies from electric, telecommunication and pipeline operators are becoming increasingly vulnerable to hackers.

Any attacks can have a rippled effect on their business starting with billings making it more cumbersome for analysts and traders to report forecast and data on gas stockpiles.

The latest attacks are a wake-up call addressing the aging energy infrastructure to be a priority. In 2012, a similar attack targeted pipeline communication system.

All attacks are from remote locations, the latest cyber attack focused on the customers to communicate their needs with operators using the electronic exchange of documents such as contracts and invoices.

The attacks didn’t affect the operational control of the pipelines.

In the recent years the government has been concentrating on web-base energy threats. In March, the TSA has published a report on pipeline security that included a section on cybersecurity. The agency urges pipeline operators to take active steps toward cybersecurity plan, limiting network access and default passwords.

The TSA doesn’t require operators to report cyber attack, neither the agency would have jurisdiction over an intrusion on a third-party communications provider. The agency will continue to work with the pipeline industry to assess any vulnerabilities associated with these incidents.

The American Gas Association that represent more than 200 gas supply companies, support voluntary reporting of cyber attacks. If the regulation would require operators to report any incidents, it could create a false sense of security in an ever-changing cyber threats environment.

The threat appears to be widespread. The Department of Energy’s Pacific Northwest National Laboratory in Washington State, said its firewall systems blocks 25,000 cyber attacks a day 2 years ago.