The Biden administration revealed on Tuesday once-classified information on the scope of Chinese state-sponsored cyberattacks on American oil and gas pipelines over the last ten years, attacks meant to cripple US infrastructure. The report is part of a broader effort by the administration to pressure pipeline owners into bolstering their cybersecurity to avoid future attacks.
According to an alert from the Cybersecurity and Infrastructure Security Agency (CISA), between 2011 and 2013, Chinese hackers targeted, and in numerous cases breached, 23 U.S. natural gas pipeline operators in a spear-phishing and intrusion campaign. Of those targeted, 13 were confirmed to be compromised, three were near misses and seven had an unknown depth of intrusion.
“The U.S. Government has attributed this activity to Chinese state-sponsored actors. CISA and the FBI assess that these actors were specifically targeting U.S. pipeline infrastructure for the purpose of holding U.S. pipeline infrastructure at risk,” the alert stated. “Additionally, CISA and the FBI assess that this activity was ultimately intended to help China develop cyberattack capabilities against U.S. pipelines to physically damage pipelines or disrupt pipeline operations.”
In the alert, both CISA and the FBI urged owners and operators of Energy Sector and other critical infrastructure networks to “adopt a heightened state of awareness” and implement mitigations that improve cyber defense, including hardening the corporate network to limit the risk of compromise, updating all software in a timely manner and enabling strong spam filters to prevent phishing emails from reaching users.
“CISA and the FBI urge Energy Sector and other CI owners and operators to apply the following mitigations to implement a layered, defense-in-depth cyber posture,” the alert continued. “By implementing a layered approach, administrators will enhance the defensive cyber posture of their OT/ICS networks, reducing the risk of compromise or severe operational degradation if their system is compromised by malicious cyber actors.”
The report comes months after Eastern European hackers breached Colonial Pipeline Co., disrupting the United States’ largest fuel pipeline and demanding a ransom. Colonial Pipeline ended up paying the hackers a steep price in difficult-to-trace cryptocurrency just hours after the ransomware attack, according to Bloomberg.
After the payment was delivered, the hackers gave Colonial a decryption tool to bring its disabled computer network back up. However, the tool ran so slowly that the company continued restoring systems from its own backups instead, a source said.
Deputy National Security Advisor Anne Neuberger acknowledged that companies are sometimes forced to pay ransoms, saying, “We recognize, though, that companies are often in a difficult position if their data is encrypted and they do not have backups and cannot recover the data.”