Natural gas ransomware attack offers critical lessons for electric utilities, analysts say

A ransomware attack shut down a natural gas compressor station for two days causing a “loss of productivity and revenue,” according to an alert last week from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The disruption represents a growing threat to the domestic energy sector, with more sophisticated attacks beginning to target the industrial control systems (ICS) which help to run electric grids and pipeline systems. The compressor station attack began on the information technology (IT) side of a pipeline company’s operations, but spread to the operations technology (OT) side because of a lack of system segmentation, experts say.

“Most utilities don’t have IP enabled smart grid at any scale and SCADA is a little harder to attack,” RunSafe CEO Joe Saunders said. “But as they shift, they need protection in this area. Older operating and information systems need to be protected or upgraded.”