"ICS-CERT has recently identified an active series of cyber intrusions targeting natural gas pipeline sector companies," the confidential April 13 alert warns. "Multiple natural gas pipeline organizations have reported either attempts or intrusions related to this campaign. The campaign appears to have started in late December 2011 and is active today."
Safeguarding industrial control systems from cyber attack is a major point of debate right now in Congress, which has been wrangling over whether to grant the federal government authority to require that vital sectors like the electric utility, oil and gas, and chemical industries meet certain levels of cyber security.
Approximately 200,000 miles of these interstate natural gas transmission pipelines in the US supply 25 percent of the nation's energy. Pipeline safety has been a major issue in recent years, highlighted by the San Bruno, Calif. pipeline explosion that killed eight people and destroyed 38 homes in the Bay Area in September 2010.
In Friday's public warning, ICS-CERT reaffirms that its "analysis of the malware and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign from a single source." It goes on to broadly describe a sophisticated "spear-phishing" campaign – an approach in which cyber attackers attempt to establish digital beachheads within corporate networks.
Spear-phishing has become one of the attack vectors of choice for cyber spies intent on infiltrating corporate networks. In such an attack, a specific person in the organization is researched, often using social networking sites like Facebook or LinkedIn in order to carefully craft a convincing e-mail that appears to be from a close associate.