NERC Primers

Critical Infrastructure Attacks in the U.S.

Cyber Attacks: An Evolving Threat

Physical attacks and natural disasters are not the only threats to critical infrastructure. As critical sectors increasingly rely on online, interconnected solutions, the threats they face have evolved accordingly. Network resilience and security are paramount to ensuring that connectivity remains uninterrupted and safe.

One industry survey reported that 56% of utilities had suffered a cyber-attack in the preceding year. In March 2022, President Joe Biden warned that the Russian government was exploring options for potential cyber-attacks against U.S. targets. Companies in the energy industry must therefore have physical and cyber security measures that can withstand these threats. Constant vigilance and routine checks go a long way toward securing infrastructure, but on their own they are not always sufficient.

Listed below are several recent examples of the types of attacks that companies have and will continue to face.

Colonial Pipeline

Source: The New York Times

On May 7, 2021, one of the most disruptive cyberattacks on U.S. infrastructure in recent memory began. Colonial Pipeline, the largest refined-products pipeline in the country, was hit by a targeted ransomware attack and shut down its pipeline operations as a precaution after its business IT network was compromised. The pipeline supplies roughly 45% of the East Coast's gasoline, diesel, and jet fuel. Although operations were restarted within days and service had returned to normal by May 18, nearly 11,000 gas stations were still without fuel at that point.

Before encrypting systems, the DarkSide ransomware group had also stolen roughly 100 GB of data from company servers. Colonial paid a ransom of about $4.4 million in Bitcoin (early reports put the figure near $5 million) in exchange for a decryption tool, which proved so slow that the company restored most systems from its own backups; the U.S. Department of Justice later recovered a large part of the payment. In a rippling effect, the average U.S. price of a gallon of gas rose to its highest level in more than six years.

The initial access vector was later identified: the attackers logged into a legacy VPN account that was no longer in active use, with a password that had surfaced in a batch of leaked credentials, and the account was not protected by multi-factor authentication. Early speculation had pointed at an unpatched vulnerability or a phishing email, but no exploit was needed. The lesson is that unused remote-access accounts must be disabled, MFA must be mandatory on every external entry point, and employees need training and enforced procedures on credential handling. Without those controls, a single reused password becomes the attacker's way in.
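The three conditions that turned a leaked password into this intrusion are all visible in authentication logs if someone looks for them. The following Python script is an added example, not Colonial Pipeline's or Certrec's code: it reviews VPN login records and flags password-only logins, logins on accounts that had been dormant, and logins on accounts that are no longer in the active HR roster. The log layout, the account names, the sample records and the 90-day dormancy threshold are all assumptions constructed for the example.

```python
"""Account-hygiene review of VPN authentication logs.

Added example (not Colonial Pipeline's or Certrec's code). It flags the
conditions that let a leaked password become an intrusion: a password-only
login with no MFA, a login on an account that had been dormant, and a login
on an account that is no longer in the active HR roster. The log layout,
account names and the 90-day dormancy threshold are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

DORMANT_AFTER = timedelta(days=90)  # assumed policy: 90 days without a login = dormant


@dataclass
class Finding:
    when: datetime
    user: str
    src_ip: str
    reasons: list = field(default_factory=list)


def parse_line(line: str):
    """Parse an assumed syslog-style record:
    '<ISO time> vpn auth user=<u> src=<ip> result=<success|failure> mfa=<yes|no>'."""
    tokens = line.split()
    when = datetime.fromisoformat(tokens[0])
    fields = dict(tok.split("=", 1) for tok in tokens[3:])
    return when, fields


def review_vpn_logins(lines, active_users, last_login):
    """Return one Finding per successful login that breaks a hygiene rule.

    active_users: set of accounts the HR/directory system says are current.
    last_login:   dict user -> datetime of the last successful login before
                  this log window (from the directory), used to detect dormancy.
    """
    last_seen = dict(last_login)
    findings = []
    for line in lines:
        when, f = parse_line(line)
        if f.get("result") != "success":
            continue  # failed attempts are a separate brute-force question
        user = f["user"]
        reasons = []
        if user not in active_users:
            reasons.append("account not in active roster; should have been disabled")
        if f.get("mfa") != "yes":
            reasons.append("password-only login; MFA not enforced on this account")
        prev = last_seen.get(user)
        if prev is not None and when - prev > DORMANT_AFTER:
            reasons.append(f"first login in {(when - prev).days} days (dormant account)")
        if reasons:
            findings.append(Finding(when, user, f["src"], reasons))
        last_seen[user] = when
    return findings


# Constructed sample data; the addresses are from documentation ranges.
SAMPLE_LOG = """\
2021-04-29T08:02:11 vpn auth user=jsmith src=203.0.113.10 result=success mfa=yes
2021-04-29T08:05:40 vpn auth user=contractor7 src=198.51.100.23 result=failure mfa=no
2021-04-29T08:06:02 vpn auth user=contractor7 src=198.51.100.23 result=success mfa=no
2021-04-29T09:15:27 vpn auth user=legacy_svc src=198.51.100.77 result=success mfa=no
""".splitlines()
ACTIVE_USERS = {"jsmith", "contractor7"}
LAST_LOGIN = {
    "jsmith": datetime(2021, 4, 28, 17, 0),
    "contractor7": datetime(2021, 4, 28, 9, 0),
    "legacy_svc": datetime(2020, 11, 3, 12, 0),  # unused since a past project
}


def run_sample():
    """Run the review over the constructed sample; returns the Finding list."""
    return review_vpn_logins(SAMPLE_LOG, ACTIVE_USERS, LAST_LOGIN)


if __name__ == "__main__":
    for fnd in run_sample():
        print(fnd.when, fnd.user, fnd.src_ip, "; ".join(fnd.reasons))
```

On the sample, the contractor's login is flagged once (no MFA) and the legacy service account is flagged on all three rules. The dormancy baseline comes from the directory rather than from the log window itself, because an account's first appearance in a short log extract says nothing about how long it sat unused.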

San Francisco’s Municipal Railway light-rail system

Source: USA Today

In November 2016, hackers used ransomware called Mamba to compromise the San Francisco Municipal Transportation Agency (SFMTA), which runs the city's Muni light-rail system. The attackers breached the agency's network and encrypted more than 2,000 office systems, including ticketing machines.

The attack forced the agency to shut down its ticketing systems for several days; instead, customers were greeted with screens reading "Out of Order" or "Free Rides". No customer or transaction data was compromised. Backups allowed the transit agency to recover most systems quickly once the attack was discovered.

This attack shows that regular patching and periodic security audits help find the vulnerabilities that ransomware operators exploit, so they can be fixed before they are used. Tested backups kept the situation from becoming worse, but they are a recovery control, not a preventive one; more must be done to stop such attacks from succeeding in the first place.

Iranian Cyber Attack on New York Dam

Source: Reuters

In 2013, Iranian state-sponsored hackers broke into the Supervisory Control And Data Acquisition (SCADA) system of the Bowman Avenue Dam in Rye Brook, New York; the intrusion became public in March 2016, when the U.S. Department of Justice indicted seven Iranian nationals for it. The system was reachable through a cellular modem, but the sluice gate it controls had been manually disconnected for maintenance at the time of the attack.

The intrusion was reconnaissance rather than a sophisticated exploit: the hackers probed for weaknesses and found an unprotected modem connection with no security controls in front of the dam's control system. The target was a small sluice gate; the attackers repeatedly obtained information on the gate's status and operation, water levels and temperature, and would have been able to operate the gate had it not been offline for maintenance.

This shows that critical infrastructure controllers must be kept separate from the internet. If the controllers must have connectivity, proper security controls and network segregation must be implemented. Luckily for the dam, the consequences were minor; had the attackers had more ambitious goals, or had the gate been in service, the situation could have been much worse.
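To make the segregation requirement concrete, the following Python script is an added example, not the dam's configuration or Certrec's code. It audits a zone-based firewall policy offline: it evaluates first-match rules over four assumed zones (internet, corp, ot_dmz, ot) and reports every path by which an untrusted zone could reach a controller on a common ICS protocol port. The "weak" policy stands in for a cellular modem bridged straight onto the control network, as at the dam; the "hardened" policy forces all access through a jump host in an OT DMZ. Zone names, the rule layout and the chosen ports are assumptions.

```python
"""Offline audit of a zone-based firewall policy for an OT network.

Added example, not the dam's configuration or Certrec's code. It models a
first-match rule set over four assumed zones (internet, corp, ot_dmz, ot) and
checks that nothing outside the control network can reach controllers on the
common ICS protocol ports. WEAK_POLICY stands in for a modem bridged straight
onto the control network; HARDENED_POLICY routes all access through a DMZ
jump host. Zone names and rule layout are assumptions.
"""

ICS_PORTS = {502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP", 102: "Siemens S7"}
UNTRUSTED_ZONES = ("internet", "corp")  # assumed: nothing here may touch a controller

# A modem or remote-access box dropped directly onto the control network
# behaves like a permit-everything rule.
WEAK_POLICY = [
    {"src": "any", "dst": "any", "port": "any", "action": "allow"},
]

# Access to controllers only from the jump host in the OT DMZ; default deny.
HARDENED_POLICY = [
    {"src": "corp",   "dst": "ot_dmz", "port": 443,   "action": "allow"},  # engineers to jump host
    {"src": "ot_dmz", "dst": "ot",     "port": 502,   "action": "allow"},  # jump host to PLCs (Modbus)
    {"src": "ot",     "dst": "ot_dmz", "port": 443,   "action": "allow"},  # PLC data to DMZ historian
    {"src": "any",    "dst": "ot",     "port": "any", "action": "deny"},
    {"src": "any",    "dst": "any",    "port": "any", "action": "deny"},
]


def first_match(policy, src, dst, port):
    """First-match evaluation, as most firewalls do; implicit deny at the end."""
    for rule in policy:
        if (rule["src"] in (src, "any") and rule["dst"] in (dst, "any")
                and rule["port"] in (port, "any")):
            return rule["action"]
    return "deny"


def audit(policy):
    """Return every (src, dst, port, protocol) an untrusted zone may open to
    a controller, plus any direct internet path into the OT DMZ."""
    violations = []
    for src in UNTRUSTED_ZONES:
        for port, proto in ICS_PORTS.items():
            if first_match(policy, src, "ot", port) == "allow":
                violations.append((src, "ot", port, proto))
    for port, proto in ICS_PORTS.items():
        if first_match(policy, "internet", "ot_dmz", port) == "allow":
            violations.append(("internet", "ot_dmz", port, proto))
    return violations


if __name__ == "__main__":
    for name, pol in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        v = audit(pol)
        print(f"{name}: {len(v)} forbidden path(s)")
        for src, dst, port, proto in v:
            print(f"  {src} -> {dst}:{port} ({proto})")
```

The weak policy yields twelve forbidden paths (two untrusted zones times four ICS ports into the controllers, plus four direct internet paths into the DMZ); the hardened policy yields none while still letting the jump host reach the PLCs. The same evaluator can be pointed at an exported real rule set once the rules are mapped into the zone/port shape, which is the useful part of the exercise: the check is cheap, and it is exactly the check that was absent at the dam.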

Energy Transfer Partners pipeline

Source: Bloomberg

In April 2018, the electronic data interchange (EDI) communications network used by Energy Transfer Partners' (ETP) pipeline system was hit by a cyberattack and was shut down. By Monday, April 2, 2018, officials stated that there had been no impact on natural gas flows.

The outage affected the electronic communication system that Energy Services Group LLC provides to ETP. Bloomberg reported that the attack had been contained and the system restored.

Hackers have been stepping up attacks on energy and other critical infrastructure, including supervisory control and data acquisition systems. Federal authorities said at the time that Russia was the most likely culprit. Phil Neray, vice president of industrial cybersecurity at Boston-based CyberX, referring to the joint FBI/DHS alert issued in March 2018 on Russian government targeting of the energy sector, stated: “The FBI/DHS alert makes it clear that our critical infrastructure is in the cross-hairs of our adversaries.”

The increase in threats from state actors such as Russia points to a need for growth in critical infrastructure protections.
