Cyberattack pings data systems of at least four gas networks
At least four U.S. pipeline companies have seen their electronic systems for communicating with customers shut down over the last few days, with three confirming it resulted from a cyberattack.
On Tuesday, Tulsabased ONEOK Inc., which operates natural gas pipelines in the Permian Basin in Texas and the Rocky Mountains region, said it disabled its system as a precaution after determining that a third-party provider was the “target of an apparent cyberattack.”
A day earlier, Energy Transfer Partners, Boardwalk Pipeline Partners, and Chesapeake Utilities Corp.'s Eastern Shore Natural Gas reported communications breakdowns, with Eastern Shore saying its outage occurred on March 29. The Department of Homeland Security, which said Monday it was gathering information about the attacks, had no immediate comment Tuesday.
“We do not believe any customer data was compromised,” said the Latitude Technologies unit of Energy Services Group, which Energy Transfer and Eastern Shore both identified as their thirdparty provider. “We are investigating the reestablishment of this data,” Latitude said in a message to customers.
The company wasn't ready to make a statement or discuss the details of the service disruption yet, Carla Roddy, marketing director at Energy Services Group, said in a brief interview at the company's headquarters in Norwell, Massachusetts.
The attacks follow a U.S. government warning in March that Russian hackers are conducting an assault on the U.S. electric grid and other targets. Last month, Atlanta's government was hobbled by a ransomware attack.
The electronic systems help pipeline customers communicate their needs with operators, using a computer-to-computer exchange of documents. Energy Transfer said the electronic data interchange system provided by Latitude was back up and working Monday night. The business wasn't otherwise affected, spokeswoman Vicki Granado said in an email.
Eastern Shore Natural Gas's Latitude system was restored on Monday as well, the company said in a notice to customers. In addition to providing EDI services, Latitude
also hosts websites used by about 50 pipelines for posting notices to customers. At least some of the websites went down on March 29 and didn't start returning until Monday, according to Dan Spangler, pipeline
manager for data provider Genscape Inc. in Boulder, Colorado.
“Although all of the sites are back up now, many of them are still missing” data for March 30 and April 1, he said. “Other than Energy Transfer pipes and the pipelines hosted by Latitude, we haven't seen any issues with gas data.”
The shutdowns are “not operationally serious in the sense that it's stopping the natural gas from moving, but it is serious because it's causing these companies to use workarounds for communication,” said Rae McQuade, president of the North American Energy Standards Board in Houston, which is responsible for developing industry standards.
“If somebody is running a business that has some kind of critical asset to it — pipelines, energy, finance — those networks are going to be targets; those networks have been targets,” said John Harbaugh, chief operating officer at R9B, a Colorado Springs, Colorado, cybersecurity solutions provider.
Many of the 3 million
miles of pipelines that spread across America rely on third-party companies for their electronic communication systems, Andy Lee, senior partner at Jones Walker in New Orleans, said by telephone Tuesday. In turn, they depend on those companies to provide security for those systems from attacks.
Latitude is “very well
known in the industry,” the energy board's McQuade said. “They have a lot of clients, they are very well respected.”
The systems are gaining attention from hackers because they've proven to be “low-hanging” fruit that creates an opportunity for ransomware or to sell the information on the dark web, Lee said.