DHS warns of cyber threats to critical systems after attack on pipeline operator

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) is warning of potential cyber threats to companies operating critical systems this week, with the alert coming on the heels of a cyberattack last year on a pipeline operator.

In the alert released Tuesday, CISA detailed its response to a recent ransomware attack on an unnamed “natural gas compression facility.” The ransomware virus came from a malicious link in an email, which was then able to compromise the company’s systems. 

CISA wrote that the facility, which never lost control of operations but did have difficulty interpreting network data, decided to temporarily shutdown operations and that the group had not considered a cyberattack when formulating its emergency response plans. 

The attack also disrupted operations at nearby critical systems operators, which meant that the entire pipeline involved was shut down for two days.

CISA strongly recommended that operators of similar critical systems create a plan for what to do in the case of a debilitating cyberattack that affects operations and that cybersecurity be incorporated into safety training plans for employees due to the potential that cyberattacks on these facilities could cause physical harm. 

Cybersecurity group Dragos issued an assessment on Wednesday linking the attack on the facility to an alert put out by the U.S. Coast Guard in December. 

The Coast Guard warned in its alert of a ransomware intrusion at a facility regulated under the Maritime Transportation Security Act. The attack forced the facility to shut down for 30 hours after disrupting camera and physical access control systems, along with disrupting the entire corporate IT network at the facility. 

Dragos noted that it did not believe the attack was targeted at industrial control systems, but rather that it was a more common ransomware attack, in which the attacker locks up a system and demands payment to give the user access again.  

Ransomware attacks have increasingly become a major threat nationwide following attacks over the past two years on the city governments of Atlanta, Baltimore and New Orleans, attacks on school districts across the country, and states of emergency being declared in both Texas and Louisiana followed coordinated attacks on multiple groups.

Congress has taken an interest in the issue, with multiple bills introduced designed to give state and local officials more tools to defend against and recover from ransomware attacks.

CISA Director Christopher Krebs briefed members of the Senate Cybersecurity Caucus about threats from ransomware in December. Krebs also asked at a recent Senate committee hearing that Congress give CISA more resources to help state and local officials respond to cyber threats. 

“We have to get more resources out in the field,” Krebs testified. “I cannot be effective if I am sitting here in Washington, D.C. I need more dedicated state and local resources.”