
Malware was intended to attack LNG plants, U.S. says

But private security experts who worked in parallel with government agencies to analyze the system said it was likely Russian, that its top target was probably liquefied natural gas production facilities, and that it would take months or years to develop strong defenses against it.
That combination makes the discovery of the system, dubbed Pipedream by industrial control security experts Dragos Inc., the realization of the worst fears of longtime cybersecurity experts. Some compared it to Stuxnet, which the United States and Israel used more than a dozen years ago to damage equipment used in Iran’s nuclear program.
Because the program manipulates equipment found in virtually all complex industrial plants rather than capitalizing on unknown flaws that can be easily fixed, almost any plant could fall victim, investigators said.
“This is going to take years to recover from,” said Sergio Caltagirone, vice president of threat intelligence at Dragos and a former global technical lead at the National Security Agency.
The initial report of the system’s discovery came in a joint warning notice issued by the NSA, the Department of Energy, the Cybersecurity and Infrastructure Security Agency and the FBI. The agencies urged the energy sector and others to install monitoring programs and require multifactor authentication for remote logins, among other steps.
Dragos said the malicious computer code was probably aimed at liquefied natural gas plants because its most detailed attack methods appeared intended to target equipment that would be in such facilities.
The software is intended to take advantage of longstanding issues that make defending control systems difficult. Those include the industry’s requirements for compatibility among products made by different vendors, which means that data flowing from one type of equipment to the next must do so unencrypted.
Another systemic flaw is that it is hard to monitor what is going on inside physical equipment.
Perhaps the most concerning aspect of the software was its seeming effort to target the way most industrial facilities protect themselves from cyberattack by keeping aspects of the operation separated from one another.
Pipedream can target hundreds of types of what are known as programmable logic controllers, or PLCs, which link operations. A few previous industrial attacks, including one attributed by Western intelligence to Russia against energy facilities, attacked a specific kind of PLC used in safety equipment. But Pipedream goes further, using the omnipresent code in PLCs to break through layers and probe more deeply into the heart of a facility.
Based largely on previous attacks, security firm Mandiant said Russia was probably behind the new system and that those at greatest risk from it in the near term included Ukraine and NATO countries protecting it from Russia’s attack.
Liquefied natural gas, including from the United States, is playing a growing role as an alternative to Russian oil and gas imports that the European Union has pledged to reduce because of the invasion.