Five years ago, an attack on nearly two dozen US natural gas utilities set off alarm bells in the US intelligence community. A hacker using the nickname UglyGorilla stole troves of sensitive data from gas pipeline companies, breaching the 300,000-mile web of steel that is a critical backbone of the nation’s economy.
News of the hacks trickled out in May 2012. Homeland security officials scrambled to schedule classified briefings with US pipeline operators, and law enforcement started building the case.
Two years later, the Justice Department unveiled charges against five members of an elite cyber division of China’s military, outing People’s Liberation Army officer Wang Dong as UglyGorilla and throwing light on a wide-ranging “sophisticated” campaign of cybertheft dating back to 2006.
Wang’s pipeline hacking spree peaked between December 2011 and June 2012, according to multiple sources. Since then, increased reliance on natural gas for power generation has made the gas transmission system one of the most consequential hacking targets in the country. Today, Wang and his team likely hold some of the blueprints needed to launch a cyberattack that could plunge parts of the nation into darkness for days, if not a lot longer, experts say.
Many gas companies say they have shored up security since then. But the sector’s overall cyber readiness is a black box even to those charged with overseeing it, an Energywire investigation found. The Transportation Security Administration, better known and better funded for its role in aviation security, is tasked with ensuring the nation’s biggest gas transmission companies stay at least a step ahead of hackers. Yet TSA’s pipeline security office remains critically understaffed to tackle cybersecurity.
Meanwhile, the number of “advanced, persistent threats” going after US energy systems has only grown since Wang’s alleged series of intrusions. “There appears to be an increasing level of activity, sophistication, and maturity of threat actors, in particular nation-state actors, that wish to disrupt the US bulk power system and the US gas transmission or distribution system,” gas and electric utility holding company Dominion Energy noted in a recent filing with the Securities and Exchange Commission, echoing similar disclosures from many of its publicly traded peers in the industry.
The Department of Homeland Security considers the threat of disruption to be low. But the impact could be enormous. William Evanina, director of the National Counterintelligence and Security Center in the Office of the Director of National Intelligence, said in March that a briefing from energy officials on the pipeline threat “really scared me.”
He noted that “if we have a cyberattack from one of our adversaries, and they hit the power grid in the East Coast,” federal authorities have a good handle on the amount of time it would take to recover. “If the natural gas is shut off … [there’s] not even an estimate,” he said.