Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Cyber "Attack" Aimed at Pipeline Companies Was Handled Washington-Style

From: InfoSec News <alerts () infosecnews org>
Date: Fri, 11 May 2012 03:08:37 -0500 (CDT)
http://www.washingtonian.com/blogs/capitalcomment/local-news/cyber-attack-aimed-at-pipeline-companies-was-handled-washington-style.php

By Shane Harris
Washingtonian
May 10, 2012
Here's the first thing you need to know about a reported "cyber attack" against natural gas pipeline operators that was revealed last week: It wasn't actually an attack--not on the pipelines anyway, which is how it has been portrayed in some news accounts. So far, there's no evidence that electronic intruders gained access to the systems that control gas pipelines, or that any of these lines were damaged. Rather, an as-yet-unidentified hacker or group of hackers was trying to get inside the corporate networks of the pipeline operators themselves. That's a serious breach, but it's not as serious as taking over a pipeline.
Here's the second thing you need to know: This incident marks a new, heightened level of influence by Washington over security in the energy sector--and that influence will only get stronger as more incidents like this occur. Right now, Congress is debating cyber security legislation that would get the government more involved in managing corporate security breaches.
In this latest case, federal security and law enforcement agencies were involved early on as pipeline operators discovered they might be the target of an espionage campaign. For much of the time, they successfully enforced a media and public information blackout of the events. While several companies were discovering they were targets, federal authorities investigated and watched the intruders, but they didn't immediately issue a broad alert warning all pipeline operators that they might be at risk. Authorities held classified briefings with affected companies across the country. The intrusion campaign is ongoing, and it's not yet clear how many companies may be involved.
Here's how events unfolded, based on government accounts and interviews with people who are privy to details of the investigation. 

[...]


_______________________________________________
LayerOne Security Conference
May 26-27, Clarion Hotel, Anaheim, CA
http://www.layerone.org
Previous By Date Next
Previous By Thread Next

Current thread: