First the Chinese bought the fracking shale so they could ship it overseas. Now they have hacked into the control systems of the gas pipelines. So they can blow them up whenever they want to. From China. How many of these Fracking Chinese Pipe Bombs do you want in your town ?
By DAVID E. SANGER
Published: May 6, 2013 Comment
WASHINGTON — The Obama administration on Monday explicitly accused China’s military of mounting attacks on American government computer systems and defense contractors, saying one motive could be to map “military capabilities that could be exploited during a crisis.”
U.S. Demands China Block Cyberattacks and Agree to Rules (March 12, 2013)
In Wake of Cyberattacks, China Seeks New Rules(March 11, 2013)
China Says Army Is Not Behind Attacks in Report(February 21, 2013)
While some recent estimates have more than 90 percent of cyberespionage in the United States originating in China, the accusations relayed in thePentagon’s annual report to Congress on Chinese military capabilities were remarkable in their directness. Until now the administration avoided directly accusing both the Chinese government and the People’s Liberation Army of using cyberweapons against the United States in a deliberate, government-developed strategy to steal intellectual property and gain strategic advantage.
Cyberspies linked to China’s military targeted nearly two dozen US natural gas pipeline operators over a recent six-month period, stealing information that could be used to sabotage US gas pipelines, according to a restricted US government report and a source familiar with the government investigation.
From December 2011 through June 2012, cyberspies targeted 23 gas pipeline companies with e-mails crafted to deceive key personnel into clicking on malicious links or file attachments that let the attackers slip into company networks, says the Department of Homeland Security (DHS) report.
The report does not mention China, but the digital signatures of the attacks have been identified by independent cybersecurity researchers as belonging to a particular espionage group recently linked to China’s military.
The confluence of these factors – along with the sensitive operational and technical details that were stolen – make the cyberbreaches perhaps among the most serious so far, some experts say. The stolen information could give an adversary all the insider knowledge necessary to blow up not just a few compressor stations but perhaps many of them simultaneously, effectively holding the nation’s gas infrastructure hostage. Nearly 30 percent of the nation’s power grid now relies on natural gas generation.
“This theft of key information is about hearing the footsteps get closer and closer,” says William Rush, a retired scientist formerly with the Gas Technology Institute who chaired the effort to create a cybersecurity standard applicable to the gas pipeline industry.
“Anyone can blow up a gas pipeline with dynamite. But with this stolen information, if I wanted to blow up not one, but 1,000 compressor stations, I could,” he adds. “I could put the attack vectors in place, let them sit there for years, and set them all off at the same time. I don’t have to worry about getting people physically in place to do the job, I just pull the trigger with one mouse click.”
The report comes at a time of growing US-China tensions over cyberespionage. President Obama called for tighter cybersecurity of critical US infrastructure in his State of the Union speech. This month, the White House also released an executive order that attempts to bolster cybersecurity among agencies that regulate electric utilities and other key industries. Congress, however, continues to resist legislation to mandate that such companies meet specific cybersecurity performance standards.
The attacks chronicled in the new DHS report were first reported in an exclusive Monitor article in May 2012, but the report offers confirmation, as well as further details and insights. Of the natural-gas pipeline operators targeted, 10 were infiltrated, another 10 cases are still being investigated, and three were “near misses,” in which the companies narrowly avoided infiltration of their networks, according to the report, titled “Active Cyber Campaigns Against the US Energy Sector” and compiled by DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).
Sensitive files were stolen that could give a cyberintruder the ability to control, or alter the operation of the pipelines, including usernames, passwords, personnel lists, system manuals, and pipeline control system access credentials, the report says.
“The data exfiltrated could provide an adversary with the capability to access US [oil and natural gas industrial-control systems], including performing unauthorized operations,” the report concludes. The stolen files were part of a “sophisticated attack shopping list.”
So might add this to your comments on proposed new pipelines: