WASHINGTON — Hackers working for the Chinese government compromised more than a dozen U.S. pipeline operators nearly a decade ago, the Biden administration revealed Tuesday, while also issuing first-of-its-kind cybersecurity requirements for the pipeline industry.
The disclosure of previously classified information about China’s aggressive hacking campaign, though dated, underlined the seriousness of foreign cyber threats to the country’s infrastructure, current and former officials said. In some cases, the hackers had the ability to physically damage or disrupt compromised pipelines, according to a new cybersecurity warning, although it doesn’t appear they have done so.
Earlier, senior government officials had warned that China, Russia and others were capable of such cyberattacks. Rarely has so much information been released about a specific and apparently successful campaign.
Chinese state-sponsored hackers targeted nearly two dozen U.S. oil and natural gas pipeline operators between 2011 and 2013 with the specific goal of “endangering U.S. pipeline infrastructure,” the Federal Bureau of Investigation and Department of Homeland Security said in a joint alert on Tuesday.
Of the known targets, 13 were successfully compromised and another eight suffered an “unknown depth of intrusion,” which officials were unable to fully assess because the victims did not have full computer log data, the warning said. Another three targets were described as “near misses” in the Chinese campaign, which relied heavily on spear-phishing attacks.
“This activity was ultimately intended to help China develop cyberattack capabilities against U.S. pipelines to physically damage pipelines or disrupt pipeline operations,” the warning said. It added that the Chinese appeared to be carrying out the attack as part of an overarching goal to gain “strategic access” to industrial control systems for “future operations rather than for intellectual property theft”.
The FBI and DHS said they first became aware of multiple targeted attacks on oil and gas companies in April 2012 and provided recovery services to known affected victims in 2012 and 2013.
Dan Coats, who served as director of national intelligence under former President Donald Trump, publicly warned in January 2019 that China was capable of launching cyberattacks that could disable critical U.S. infrastructure, “such as disrupting a natural gas pipeline for days to weeks.” Coats’ testimony referred at least in part to the hacking campaign revealed in more detail in Tuesday’s warning, said a person familiar with the matter.
On Monday, the Biden administration publicly blamed hackers affiliated with Chinese intelligence for a sweeping cyberattack on Microsoft Corp. email software this year, part of a global effort by dozens of countries to condemn Beijing’s malicious cyber activities. However, the public shaming did not include punitive measures, such as sanctions or diplomatic expulsions by the U.S.
Chinese officials said the US findings described Monday were “baseless attacks.” Chinese officials did not immediately respond to a request for comment on the US pipeline intrusion allegations.
The new details of China’s hacking operations came Tuesday as the Biden administration separately issued new cybersecurity requirements for U.S. pipeline operators intended to help protect against ransomware and other forms of disruptive hacking. The requirements were announced months after a Russia-based criminal hacking group shut down a major fuel pipeline on the East Coast for nearly a week.
The Transportation Security Administration’s directive is the first of its kind to mandate certain pipeline operators designated by the federal government as critical to apply specific cybersecurity standards. It follows an earlier TSA directive in May that required pipelines to notify federal authorities when they are targets or victims of cyberattacks.
“The lives and livelihoods of the American people depend on our collective ability to protect our nation’s critical infrastructure from evolving threats,” Homeland Security Secretary Alejandro Mayorkas said in a statement. “With this security directive, DHS can better ensure that the pipeline industry is taking the necessary steps to protect their operations from increasing cyber threats and to better protect our national and economic security.”
The directive is the latest sign that the Biden administration intends to engage in pipeline security more directly than the Trump, Obama and Bush administrations, which deferred to the pipeline industry’s desire to avoid physical and cybersecurity regulations and instead preferred a more collaborative approach.
Biden administration officials did not immediately make the text of the directive available. In a statement, DHS said it would require owners and operators of critical pipelines designated by the TSA to “take specific mitigation measures to protect against ransomware attacks and other known threats” and to prepare recovery plans.
Critical infrastructure cybersecurity grew as a concern for Biden administration officials after the May ransomware attack on Colonial Pipeline, which was followed by a rapid series of other high-profile ransomware episodes traced to criminal groups in Russia, including one that briefly shut down a large meat processing company.
U.S. intelligence officials have been warning for years about the possibility that a foreign adversary could endanger national or economic security with a destructive cyberattack on banks, hospitals or the energy sector. In 2018, for example, the Trump administration accused the Russian government of years of cyberattacks targeting U.S. energy infrastructure, including nuclear and water facilities, which in some cases gave the hackers remote access to compromised computer networks.
China’s decade-old campaign against pipelines appears to have been one of the most successful such operations disclosed to date. Tuesday’s warning said the Chinese hackers stole victims’ documents, including passwords and system manuals, and compromised so-called jump points between corporate networks and the operational networks that control pipelines.
“The totality of this information would give the actors access to [industrial control system] networks through multiple channels and would provide sufficient access to remotely conduct unauthorized operations on the pipeline with physical consequences,” it said.
Write to Dustin Volz at [email protected]
Copyright © 2021 Dow Jones & Company, Inc. All rights reserved.