NEW YORK (NYTIMES) - The Joe Biden administration disclosed previously classified details on Tuesday (July 20) about the breadth of state-sponsored cyber attacks on American oil and gas pipelines over the past decade, as part of a warning to pipeline owners to increase the security of their systems to stave off future attacks.
From 2011 to 2013, Chinese-backed hackers targeted, and in many cases breached, nearly two dozen companies that own such pipelines, the Federal Bureau of Investigation and the Department of Homeland Security revealed in an alert on Tuesday.
For the first time, the agencies said they judged that the "intrusions were likely intended to gain strategic access" to the industrial control networks that run the pipelines "for future operations rather than for intellectual property theft". In other words, the hackers were preparing to take control of the pipelines, rather than just stealing the technology that allowed them to function.
Of 23 operators of natural gas pipelines that were subjected to a form of e-mail fraud known as spear phishing, the agencies said that 13 were successfully compromised, while three were "near misses". The extent of intrusions into seven operators was unknown because of an absence of data.
The disclosures come as the federal government tries to galvanise the pipeline industry after a ransomware group based in Russia easily forced the shutdown of a pipeline network that provides nearly half the petrol, jet fuel and diesel that flows up the East Coast. That attack on Colonial Pipeline - aimed at the company's business systems, not the operations of the pipeline itself - led the company to shut off its shipments for fear that it did not know what the attackers would be capable of next.
Long petrol lines and shortages followed, underscoring for President Biden the urgency of defending the United States' pipelines and critical infrastructure from cyber attacks.
The declassified report on China's activities accompanied a security directive that requires owners and operators of pipelines deemed critical by the Transportation Security Administration to take specific steps to protect against ransomware and other attacks, and to put in place a contingency and recovery plan.