Published Date: 2018-04-04
Postmortem Analysis | |
---|---|
Timeline | 1. The cyberattack on the shared data network affecting natural-gas pipeline operators happened in the week before the article was published on April 4, 2018 [70330]. Therefore, the incident likely occurred in March 2018. |
System | 1. Shared data network 2. Communications system 3. Gas marketing communications hub 4. Control systems 5. Safety systems 6. Grid system [70330] |
Responsible Organization | 1. Cybercriminals, potentially working for foreign governments, were responsible for causing the software failure incident [70330]. |
Impacted Organization | 1. Oneok 2. Energy Transfer Partners 3. Boardwalk Pipeline Partners 4. Eastern Shore Natural Gas [70330] |
Software Causes | 1. Cyberattack on a shared data network targeting a provider of electronic data-sharing between pipeline companies and their gas producer and utility customers [70330]. 2. Hackers compromising operations to gather intelligence on the gas industry, potentially causing disruptions in gas shipments and electricity production outages [70330]. 3. Increasingly sophisticated cybercriminal activities targeting the energy sector, including attacks on safety systems of petrochemical plants and grids [70330]. |
Non-software Causes | 1. The cyberattack on the shared data network targeting the gas pipeline operators [70330]. 2. The vulnerability of the nation's energy system to cyberattacks [70330]. 3. The potential risks associated with intrusions into control systems of pipeline infrastructure [70330]. 4. The efforts by cybercriminals, potentially working for foreign governments, to target the energy sector [70330]. 5. The establishment of an office within the Department of Energy by the Trump administration to enhance cybersecurity for critical infrastructure [70330]. |
Impacts | 1. The software failure incident resulted in the temporary shutdown of computer communications between four natural-gas pipeline operators and their customers as a precautionary measure, although gas service was not interrupted [70330]. 2. The interruption of customer transactions highlighted the potential vulnerability of the nation's energy system, emphasizing the risks associated with cyberattacks on critical infrastructure [70330]. 3. The attack targeted Latitude Technologies, a provider of electronic data-sharing between pipeline companies and their gas producer and utility customers, potentially compromising critical computer communications of gas storage facilities, sales contracts, and shipment scheduling [70330]. 4. The incident raised concerns about the potential for cybercriminals to gather intelligence on the gas industry, issue fake transactions, disrupt gas shipments, and even cause electricity production outages [70330]. 5. The Department of Homeland Security was investigating the attack, reflecting the seriousness of the incident and the need for enhanced cybersecurity measures in critical infrastructure sectors [70330]. |
Preventions | 1. Implementing robust cybersecurity measures such as regular security audits, penetration testing, and network monitoring to detect and prevent cyberattacks [70330]. 2. Providing cybersecurity training to employees to prevent spear-phishing attacks and other social engineering tactics [70330]. 3. Ensuring secure communication protocols and encryption methods for sensitive data transmission [70330]. 4. Collaborating with government agencies like the Department of Homeland Security for threat intelligence sharing and incident response coordination [70330]. 5. Investing in secure software development practices to minimize vulnerabilities that could be exploited by attackers [70330]. |
Fixes | 1. Enhancing cybersecurity measures such as implementing stronger network security protocols, regular security audits, and intrusion detection systems could help prevent similar cyberattacks in the future [70330]. 2. Conducting thorough investigations to identify vulnerabilities in the software systems and addressing them promptly to prevent future attacks [70330]. 3. Implementing employee training programs to educate staff on cybersecurity best practices, including how to recognize and avoid spear-phishing attacks [70330]. 4. Collaborating with government agencies like the Department of Homeland Security to share information and resources for improving cybersecurity in critical infrastructure sectors [70330]. |
References | 1. Cybersecurity expert at the law firm Jones Walker in New Orleans, Andrew R. Lee [70330] 2. Cybersecurity expert at the University of Houston, Chris Bronk [70330] 3. Latitude Technologies, a Texas-based provider of electronic data-sharing between pipeline companies and their gas producer and utility customers [70330] 4. Department of Homeland Security [70330] 5. F.B.I. [70330] 6. House Committee on Science, Space and Technology [70330] 7. Employees of several pipeline companies [70330] 8. The Trump administration [70330] |

Category | Option | Rationale |
---|---|---|
Recurring | one_organization, multiple_organization | (a) The software failure incident having happened again at one_organization: - The article mentions that American gas pipeline companies were targeted in 2012, although the damage was believed to have been limited [70330]. - It also states that last fall, hackers penetrated safety systems of a petrochemical plant in Saudi Arabia, indicating a previous incident [70330]. (b) The software failure incident having happened again at multiple_organization: - The article discusses how cybercriminals, suspected of working for foreign governments, have been increasingly active in the energy sector in recent years, indicating multiple incidents across different organizations [70330]. - It mentions an attack on Ukraine's grid in 2015 that led to extensive blackouts, showing incidents in different regions [70330]. |
Phase (Design/Operation) | design, operation | (a) The software failure incident in the article can be attributed to the design phase. The cyberattack on the shared data network of natural-gas pipeline operators was a result of vulnerabilities in the digital systems of the pipeline infrastructure. The attack targeted Latitude Technologies, a provider of electronic data-sharing between pipeline companies and their customers, which handles critical computer communications of gas storage facilities, sales contracts, and shipment scheduling [70330]. This indicates that the failure was due to contributing factors introduced by the system development and operation procedures. (b) The software failure incident can also be linked to the operation phase. The attack disrupted the communications systems of the pipeline companies, impacting customer transactions and potentially compromising the operations of the gas industry. The attack aimed to gather intelligence on the gas industry, potentially leading to fake transactions, jumbled gas shipments, and electricity production outages [70330]. This highlights how the operation and use of the system were affected by the cyberattack. |
Boundary (Internal/External) | within_system, outside_system | (a) within_system: The software failure incident reported in the article was a cyberattack on a shared data network that forced four natural-gas pipeline operators to temporarily shut down computer communications with their customers. The attack targeted Latitude Technologies, a provider of electronic data-sharing between pipeline companies and their gas producer and utility customers, which handles critical computer communications of gas storage facilities, sales contracts, and shipment scheduling [70330]. (b) outside_system: The cyberattack on the shared data network of the natural-gas pipeline operators was initiated from outside the system by unknown cybercriminals. The attack was part of a broader trend where cybercriminals, often suspected of working for foreign governments, have been increasingly active in the energy sector, targeting critical infrastructure like gas pipelines [70330]. |
Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident in this case was due to non-human actions, specifically a cyberattack on a shared data network affecting natural-gas pipeline operators [70330]. The attack targeted a provider of electronic data-sharing between pipeline companies and their gas producer and utility customers, disrupting critical computer communications of gas storage facilities, sales contracts, and shipment scheduling. The incident highlighted the vulnerability of the nation's energy system to cyber threats, emphasizing the risks associated with the increasing dependence of pipeline infrastructure on digital systems. (b) The human actions involved in this incident include the response efforts by cybersecurity experts, government agencies, and the establishment of a new office within the Department of Energy to enhance cybersecurity for critical infrastructure like nuclear plants, refineries, and pipelines [70330]. Additionally, the article mentions the House Committee on Science, Space and Technology's staff report describing Russian efforts to influence American energy markets and energy policy through social media posts, indicating human involvement in influencing energy-related cybersecurity challenges. |
Dimension (Hardware/Software) | hardware, software | (a) The software failure incident reported in the article is primarily attributed to a cyberattack on a shared data network affecting natural-gas pipeline operators [70330]. This cyberattack targeted the communications system of the companies, causing interruptions in customer transactions. The attack aimed at Latitude Technologies, a provider of electronic data-sharing between pipeline companies and their customers, indicating a breach in the hardware infrastructure that facilitated the attack. (b) The software failure incident is also linked to software vulnerabilities as cybercriminals exploited weaknesses in the digital systems of the pipeline infrastructure. The attack on the gas marketing communications hub was a way to gather intelligence on the gas industry, potentially leading to fake transactions and disruptions in gas shipments [70330]. This highlights the importance of addressing software vulnerabilities to prevent such cyberattacks in the future. |
Objective (Malicious/Non-malicious) | malicious | (a) The software failure incident reported in Article 70330 was malicious in nature. It was a cyberattack on a shared data network that targeted the gas marketing communications hub, which is a critical component of the gas industry's operations. The attack aimed to gather intelligence on the entire gas industry, potentially allowing the hackers to manipulate gas shipments and cause electricity production outages. Additionally, the attack was part of a broader trend of cybercriminals, often suspected of working for foreign governments, targeting the energy sector with increasingly sophisticated attacks [70330]. |
Intent (Poor/Accidental Decisions) | poor_decisions | (a) The intent of the software failure incident related to poor decisions can be inferred from the article. The cyberattack on the shared data network of natural-gas pipeline operators was a deliberate act aimed at compromising operations and potentially gathering intelligence on the gas industry. The attack targeted Latitude Technologies, a provider of electronic data-sharing between pipeline companies and their customers, with the goal of disrupting communications and potentially causing disruptions in gas shipments and electricity production [70330]. (b) The software failure incident was not attributed to accidental decisions or unintended mistakes but rather a deliberate cyberattack orchestrated to gain intelligence and potentially disrupt operations in the gas industry. |
Capability (Incompetence/Accidental) | unknown | (a) The software failure incident reported in the article was not due to development incompetence but rather a deliberate cyberattack on a shared data network affecting natural-gas pipeline operators [70330]. The attack was aimed at disrupting communications systems and potentially gathering intelligence on the gas industry. (b) The software failure incident was not accidental but a targeted cyberattack on the gas marketing communications hub, which could potentially disrupt gas shipments and cause electricity production outages [70330]. |
Duration | temporary | (a) The software failure incident mentioned in the article was temporary. It forced four natural-gas pipeline operators to temporarily shut down computer communications with their customers as a precautionary measure. The interruption of customer transactions was noted as merely a precaution, and no gas service was interrupted [70330]. |
Behaviour | crash, other | (a) crash: The software failure incident in the article can be categorized as a crash as it led to the temporary shutdown of computer communications with customers by four natural-gas pipeline operators. This shutdown was a precautionary measure to prevent any potential disruptions caused by the cyberattack [70330]. (b) omission: There is no specific mention of the software failure incident omitting to perform its intended functions at an instance(s) in the article. (c) timing: The software failure incident did not involve the system performing its intended functions too late or too early; rather, it led to the temporary shutdown of computer communications as a precautionary measure [70330]. (d) value: The software failure incident did not involve the system performing its intended functions incorrectly; instead, it was a response to a cyberattack on the shared data network of natural-gas pipeline operators [70330]. (e) byzantine: The software failure incident did not exhibit behavior of the system behaving erroneously with inconsistent responses and interactions as described in a byzantine failure. (f) other: The behavior of the software failure incident can be categorized as a precautionary measure taken by the natural-gas pipeline operators in response to a cyberattack on their shared data network, leading to the temporary shutdown of computer communications with customers [70330]. |

Layer | Option | Rationale |
---|---|---|
Perception | sensor, processing_unit, network_communication | (a) The article mentions that the cyberattack targeted Latitude Technologies, a provider of electronic data-sharing between pipeline companies and their customers. This company handles critical computer communications of gas storage facilities, sales contracts, and shipment scheduling [70330]. This indicates that the failure could be related to the sensor layer of the cyber physical system, as it involves handling data from sensors in gas storage facilities. (b) The article does not specifically mention any actuator-related failures. (c) The cyberattack disrupted computer communications between pipeline companies and their customers, affecting critical operations such as gas storage facilities, sales contracts, and shipment scheduling [70330]. This disruption in processing unit operations could be attributed to processing errors introduced by the cyberattack. (d) The cyberattack targeted the communication hub of gas marketing, which is essential for coordinating transactions between gas producers and utility customers [70330]. This disruption in network communication indicates a failure due to contributing factors introduced by network communication errors. (e) The article does not provide direct information about failures related to embedded software. |
Communication | link_level | (a) The failure reported in the article was related to the communication layer of the cyber physical system that failed at the link level. The cyberattack targeted the communication systems of natural-gas pipeline operators, disrupting computer communications with their customers. The attack aimed at Latitude Technologies, a provider of electronic data-sharing between pipeline companies and their gas producer and utility customers, which handles critical computer communications of gas storage facilities, sales contracts, and shipment scheduling [70330]. |
Application | FALSE | The software failure incident described in the article [70330] was related to a cyberattack on a shared data network that affected the communication systems of natural gas pipeline operators. This cyberattack targeted the communications hub of Latitude Technologies, a provider of electronic data-sharing between pipeline companies and their customers. The attack aimed to gather intelligence on the gas industry, potentially disrupting gas shipments and causing electricity production outages. This incident was not specifically attributed to the application layer of the cyber physical system but rather to a cyberattack on the communication systems. Therefore, it does not align with the definition provided for an application layer failure. |

Category | Option | Rationale |
---|---|---|
Consequence | no_consequence, theoretical_consequence | (a) death: The article does not mention any deaths resulting from the cyberattack on the natural-gas pipeline operators' shared data network [70330]. (b) harm: The article discusses potential harm that could result from cyberattacks on energy infrastructure, such as explosions, spills, or fires that could threaten human life, property, and the environment. However, it specifically mentions that nothing close to that kind of disaster happened in this particular incident [70330]. (c) basic: The article does not mention any impact on people's access to food or shelter due to the cyberattack on the natural-gas pipeline operators' shared data network [70330]. (d) property: The cyberattack on the natural-gas pipeline operators' shared data network resulted in interruptions to customer transactions, but the companies reported that no gas service was interrupted. It was unclear whether any customer data was stolen, and the article does not mention any specific impact on people's material goods, money, or data [70330]. (e) delay: The article does not mention any delays caused by the cyberattack on the natural-gas pipeline operators' shared data network [70330]. (f) non-human: The cyberattack targeted the shared data network of natural-gas pipeline operators, which could potentially impact the functioning of control valves, pressure monitors, and other equipment connected to wireless networks. This could affect the daily functions of refineries, oil wells, and other infrastructure, but the article does not provide specific examples of non-human entities being impacted [70330]. (g) no_consequence: The article mentions that the interruption of customer transactions was merely a precaution, and no gas service was interrupted as a result of the cyberattack on the natural-gas pipeline operators' shared data network. It also states that nothing close to a disaster occurred in this particular incident [70330]. (h) theoretical_consequence: The article discusses potential consequences of cyberattacks on energy infrastructure, such as explosions, spills, fires, and disruptions to deliveries. It also mentions the risks associated with intrusions into control systems, but it clarifies that these potential consequences did not materialize in this specific incident [70330]. (i) other: The article does not mention any other specific consequences of the cyberattack on the natural-gas pipeline operators' shared data network beyond those discussed in the options above [70330]. |
Domain | utilities | (a) The failed system was related to the utilities industry, specifically the natural-gas pipeline operators. The cyberattack targeted the shared data network used by natural-gas pipeline companies for communication with their customers [70330]. The attack disrupted customer transactions and communications systems of companies like Oneok, Energy Transfer Partners, Boardwalk Pipeline Partners, and Eastern Shore Natural Gas [70330]. (g) The failed system was intended to support the utilities industry, particularly the gas industry. The cyberattack targeted the gas marketing communications hub, which handles critical computer communications of gas storage facilities, sales contracts, and shipment scheduling [70330]. The attack aimed to gather intelligence on the entire gas industry, potentially disrupting gas shipments and causing electricity production outages [70330]. |
Article ID: 70330