The oil and natural gas industry should remain vigilant against cyberattacks as global tensions mount and threaten U.S. critical infrastructure, according to Federal Bureau of Investigation (FBI) director Christopher Wray.
The Chinese Communist Party (CCP) has repeatedly sponsored cyberattacks against the United States and has “made it clear that it considers every sector that makes our society run fair game, and its bid to dominate on the world stage,” Wray said recently at Vanderbilt University.
The issue has been prevalent for years, according to Wray. From 2011-2013, “China-sponsored hackers pre-positioned for potential cyberattacks against U.S. oil and natural gas companies.”
That campaign involved spear-phishing tactics to steal information via malware or targeted emails. In total, CISA and FBI found that 23 natural gas pipeline operators had been affected, including 13 that were confirmed compromised, three that were almost compromised and seven that were unaware of how bad the cyberattack affected them.
The Cybersecurity and Infrastructure Security Agency (CISA) and FBI determined that the CCP-backed cyber attacks targeted pipeline infrastructure “ultimately intended to help China develop cyberattack capabilities against U.S. pipelines to physically damage pipelines or disrupt pipeline operations,” according to the agencies.
Wray said, “To the average person, critical infrastructure is largely invisible. These are sectors whose existence we don't often think about or appreciate as long as they're working right. But these vital sectors we're talking about…form the backbone of our society.”
CCP’s “plan is to land low blows against civilian infrastructure to try to induce panic and break Americans,” Wray said.
Influencing “America’s responses to its aggression” would benefit CCP as it works to “build the capability to deter U.S. intervention between China and Taiwan by 2027,” the FBI director told the audience.
Threat Landscape
In about three years, the FBI and other U.S. intelligence agencies are estimating that China’s President Xi Jinping may begin a military campaign against the island nation. During the Chinese Civil War, the government of the Republic of China fled to Taiwan and claimed independence from CCP, though the People’s Republic of China (PRC) has not recognized the status of Taiwan and is seeking reunification.
The U.S. Office of the Director for National Intelligence (ODNI) in the 2023 Annual Threat Assessment laid out the case.
“If Beijing feared that a major conflict with the United States were imminent, it almost certainly would consider undertaking aggressive cyber operations against U.S. homeland critical infrastructure,” ODNI stated. “China almost certainly is capable of launching cyber attacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines and rail systems.”
CISA, FBI and the National Security Agency (NSA), as well as security agencies in Australia, Canada and the UK, earlier this year warned that a CCP-sponsored group known as Volt Typhoon may have had access over the last five years to critical infrastructure systems.
Volt Typhoon “has compromised the information technology environments of multiple critical infrastructure organizations,” the groups said. The organizations listed included communications, energy and transportation systems, as well as water and wastewater systems throughout the United States and its territories. Canada’s critical infrastructure also was impacted, according to the agencies.
Defensive Collaboration
As private companies own and operate most of the critical infrastructure in the United States, the sector “plays a critical defensive role and also generates vital information about what adversaries are doing or preparing to do against us,” Wray said.
To that end, the Federal Energy Regulatory Commission recently proposed revamped rules for natural gas pipelines and gas-fired generation plants. The rules may “strengthen the cybersecurity practices utilized by the industry through the mitigation of potential vulnerabilities and the use of secure communication and encryption methodologies” (No. RM96-1-043).
Meanwhile, the Interstate Natural Gas Association of America (INGAA), which represents 26 U.S. midstream companies operating 200,000 miles of pipelines, has been made aware of the potential risk from cyber attack by China. INGAA’s Maggie O’Connell, director of Security, Reliability and Resilience, discussed the potential risks posed by the PRC.
“We don’t believe the threat is currently increasing, but it is a real threat,” O’Connell told NGI.
The additional resources from U.S. intelligence agencies and companies put toward “understanding PRC cyber activity have given us greater visibility into the evolving tactics, techniques and procedures” of Volt Typhoon and similar actors, O’Connell said.
INGAA members “respond to a range of security issues, from cybersecurity to physical security threats, including domestic and environmental violent extremists, drones and other suspicious activity.
“Without knowledge of any imminent threat, no one issue takes precedence over another,” O’Connell said. “Any security issue – cyber or physical – that has the potential to impact operations or the safety of personnel and the community will always be prioritized.”
