A cyber-attack has never taken down a U.S. fuel pipeline quite as big as the Colonial Pipeline. It’s the nation’s largest gasoline, diesel and jet fuel system and a critical source of fuel supply for the U.S. Northeast.
This isn’t the first time hackers have hit energy assets in America, at times disrupting services and upending operations. This shows how vulnerable the US infrastructure is to the attacks
Two-Day Gas Outage
In February 2020, the DHS issued an alert about a ransomware attack that brought down a U.S. natural gas compressor facility for two days.
The agency didn’t say which facility was targeted, when the attack occurred or who was behind it. But it did offer some details: Hackers sent emails with a malicious link, known as a phishing attack, to gain control of the facility’s information technology system.
It appeared likely that the attacker explored the facility’s network to “identify critical assets” before executing the ransomware attack. This tactic, which has become increasingly popular among hackers, makes it possible for the attacker to disable security processes that would normally be enough to detect known ransomware indicators.
Pemex Systems Down
Mexico’s oil giant Petroleos Mexicanos reported a cyber-attack in November 2019 that crippled its computer systems. The company’s communication systems were affected for weeks afterwards . The hacker behind the attack tried to squeeze almost $5 million out of the company. Pemex at the time refused to pay the ransom.
Gas Communications Targeted
In April 2018, several U.S. natural gas pipeline operators including Energy Transfer Partners LP and TransCanada Corp. reported that a third-party electronic communications system had been hit with a cyber-attack. Five of the companies confirmed service disruptions from the hacking.
Though the cyber-attack didn’t disrupt the supply of gas to U.S. homes and businesses, it showed how even a minor attack can have ripple effects. The attack forced utilities to warn of widespread billing delays and made it difficult for analysts and traders to predict a key government report on gas stockpiles.
In December 2016, hackers took down almost a quarter of Ukraine’s power grid. Officials blamed Russians at the time for tampering with the utilities’ software and then jamming the power companies’ phone lines to keep customers from alerting anyone.
The hack knocked out at least 30 of the country’s 135 power substations for about six hours. Cybersecurity firms working to trace its origins say the attack occurred in two stages. First, hackers used malware to direct utilities’ industrial control computers to disconnect the substations. Then they inserted a wiper virus that made the computers inoperable.
In 2012, Saudi Arabia pointed out unidentified people based outside the kingdom for a cyber-attack against state-owned Saudi Arabian Oil Co. that aimed to disrupt production from the world’s largest exporter of crude.
More than 30,000 computers were compromised or affected by a so-called “spear-phishing” attack, raising concerns about the threat hackers may pose to output at the company also known as Saudi Aramco.
Energy companies from electric utilities, to power-grid operators to oil and gas pipeline operators have warned that cyberattacks are becoming more and more prevalent. The largest U.S. power grid operator, PJM Interconnection LLC, has warned regulators that it’s facing increasing attacks. Last May, the U.K.’s grid data system was hacked, although electricity supplies weren’t affected. And in March, an attack against Europe’s association of grid operators, ENTSO-E, affected its internal office systems.