The Energy Security Agency (ESA) today confirmed that
brownouts seen overnight in the Northeast are connected to the ongoing
cyberattacks against the Friendly Morning Pipeline Company. Spokesman
Edison Watt reported that three gas-fired power plants suffered supply interruptions
yesterday, causing them to shut down safely. All three plants were subsequently
brought back online after gas supply resumed.
Watt noted that there were no cyberattacks on any
electrical production or distribution systems. “The grid is safe and operating
nominally,” he noted. “The system is designed to allow for production
interruptions at individual production facilities. The minor problems last
night were due to these three major generators dropping off-line at nearly the
same time.”
George Friendly, CEO of the Friendly Morning Pipeline
Company, told reporters that his company had engineers at each pumping station to
operate the system under manual controls until the cyber issues could be remediated.
“We should see no more interruptions of gas delivery to either our residential
customers or power generation facilities.” The company is relying on assistance
from other pipeline operators to maintain the 100% manual operation of the East
Coast Prime Pipeline.
Immanuel C. Securitage from ECS-CERT told reporters that the
agency has confirmed that the Smerdis Group is behind the ongoing cyberattacks on
the pipeline. The group is known to operate out of Karaj, Iran, but appears to
be independent of the Iranian government.
Dade Murphy from Dragonfire, a cybersecurity company
assisting in the investigation, reported that it appears that the Smerdis Group
had been present in the pipeline control system for some time. The attacks were
exploiting known denial-of-service vulnerabilities in a number of the control
system components. These vulnerabilities were rated as ‘low-risk’ because
rebooting the affected device restored full system operation fairly quickly.
Murphy noted that: “Companies frequently decide not to patch for these vulnerabilities
due to time constraints and costs involved; it’s a common risk-benefit conclusion
for these types of vulnerabilities.”
Securitage told reporters that, in this extended cyberattack
on the pipeline, the attackers were stringing together minor DoS attacks
on multiple devices at a pumping station to have a
larger impact on pipeline pressure. “This is a sophisticated attack requiring extensive
pipeline engineering experience and a high level of knowledge about the control
system involved. This is a hallmark of the Smerdis Group.”
Watt agreed with a reporter’s suggestion that coal-fired power
plants were not subject to this type of fuel-denial attack. He noted that: “Coal-fired
plants did typically have days to weeks of coal supplies on hand to avoid problems
with fuel-delivery interruptions. That has not been deemed necessary for
gas-fired plants. The ESA will be looking at that issue. On-site gas storage
may become a requirement.”
CAUTIONARY NOTE: This is a future news story –