Data System in Third U.S. Pipeline Company Hobbled After Cyber Attack

April 3, 2018 by Naureen S. Malik and Ryan Collins

A third U.S. pipeline company reported its electronic system for communicating with customers has stopped working, a day after a cyberattack resulted in a similar shutdown.

The Department of Homeland Security, which said Monday it’s gathering information about the potential intrusion, had no immediate comment on the latest shutdown. Tuesday’s closure affected Oneok Inc., which operates natural gas pipelines in the Permian Basin in Texas and the Rocky Mountain region. The cyberattack Monday didn’t affect flows on the pipeline.

The shutdowns come after U.S. officials warned in March that Russian hackers are conducting a broad assault on the nation’s electric grid and other targets. Last month, Atlanta’s municipal government was hobbled for several days by a ransomware attack.

The systems hit in the last two days help pipeline customers communicate their needs with operators, using a computer-to-computer exchange of documents. Energy Transfer Partners LP and Boardwalk Pipeline Partners LP reported breakdowns Monday. Energy Transfer, which reported the reason as being a cyberattack, said its electronic data interchange system — provided by third-party Energy Services Group LLC — was back online in the early evening, and that business wasn’t affected in any other way.

“It is not operationally serious in the sense that it’s stopping the natural gas from moving, but it is serious because it’s causing these companies to use workarounds for communication,” said Rae McQuade, president of the North American Energy Standards Board in Houston, which is responsible for developing industry standards.

“If somebody is running a business that has some kind of critical asset to it — pipelines, energy, finance — those networks are going to be targets; those networks have been targets,” said John Harbaugh, chief operating officer at R9B, a Colorado Springs, Colorado, cyber security solutions provider.

Tulsa, Oklahoma-based Oneok said its EDI system would be “unavailable until further notice,” but didn’t provide a reason, according to a website notice. The company didn’t immediately respond to requests for further comment. Latitude, the unit of Energy Services Group that operates Energy Transfer’s system, didn’t return phone calls or emails on Monday or Tuesday.

Latitude is “very well known in the industry, ” the energy board’s McQuade said. “They have a lot of clients, they are very well respected.”

Many of the 3 million miles of pipelines that spread across America rely on third-party companies for their electronic communication systems, Andy Lee, senior partner at Jones Walker LLP in New Orleans, said by telephone Tuesday. In turn, they depend on those companies to provide security for those systems from attacks.

Gaining Attention

The systems are gaining attention from hackers because they’ve proven to be “low-hanging” fruit that creates an opportunity for ransomware or to sell the information on the dark web, Lee said.

This isn’t the first time U.S. pipelines have been targeted. In 2012, a federal cyber response team said in a note that it had identified a number of “cyber intrusions” targeting natural gas pipeline sector companies. The group, the Industrial Control System Cyber Emergency Response Team, is a division of Homeland Security.

“It’s important to recognize that this does not appear to be an attack on an operational system,” said Cathy Landry, a spokesman for the Interstate Natural Gas Association of America. “An attack on a network certainly is inconvenient and can be costly, and something any company – whether a retailer, a bank or a media company — wants to avoid, but there is no threat to public safety or to natural gas deliveries.”

She said she “cannot speak for any of the companies specifically about what may or may not have happened to their systems.”