Cyber attacks against the energy industry grew at an “alarming rate” in 2012, making up 40 percent of all attacks, according to a quarterly update from the U.S. Department of Homeland Security.
“Throughout 2011 and 2012, intelligence, industry, and media reporting have all shown an increasing trend in cyber attacks targeted at energy and pipeline infrastructure around the world,” said the report, published by the department’s Industrial Control Systems Cyber Emergency Response Team.
The attacks ranged in their approaches. One, for example, used emails to draw workers, including those at pipeline companies, to click on links that would download malware onto their computers, according to the report.
Another involved sophisticated malware moved onto a computer system at a power generation facility through a USB drive, the report said. The malware was discovered on the drive only after an employee complained to technical support specialists that it was not functioning properly.
When the drive was “inserted into a computer with up-to-date antivirus software, the antivirus software produced three positive hits,” the report said.
Though the frequency of attacks targeting energy infrastructure has grown, the Transportation Safety Administration, which is responsible for implementing security programs for pipelines and many of the nation’s energy assets, has no mandatory safety standards related to cyber security at such facilities.
The TSA has issued extensive guidelines, however, to enhance the security of the pipeline industry.
“This guidance provides TSA’s explicit recommendations for pipeline industry security practices, to include cyber asset security measures,” TSA spokesman Luis Casanova said in an email. “The Pipeline Security Guidelines represent a consensus standard between government and industry for an effective pipeline security program.”