A US gas pipeline operator was infected by malware—your questions answered

The infection has generated no shortage of questions and opinions. Here’s what we know. …


Tuesday’s news that a ransomware infection shut down a US pipeline operator for two days has generated no shortage of questions, not to mention a near-endless stream of tweets.

Some observers and arm-chair incident responders consider the event to be extremely serious. That’s because the debilitating malware spread from the unnamed company’s IT network—where email, accounting, and other business is conducted—to the company’s operational technology, or OT, network, which automatically monitors and controls critical operations carried out by physical equipment that can create catastrophic accidents when things go wrong.

Others said the reaction to the incident was overblown. They noted that, per the advisory issued on Tuesday, the threat actor never obtained the ability to control or manipulate operations, that the plant never lost control of its operations, and that facility engineers deliberately shut down operations in a controlled manner. This latter group also cited evidence that the infection of the plant’s industrial control systems, or ICS, network appeared to be unintentional on the part of the attackers.

Assessing the threat that the event posed to public safety requires an understanding of ICS and the way ransomware infections have evolved. What follows are answers to some of the most frequently asked questions:

What happened?

Details are frustratingly scarce. According to an advisory published by the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA, the ransomware infected an unnamed natural gas compression facility. The attack started with a malicious link in a phishing email that allowed attackers
