CISA Shares Details About Ransomware that Shut Down Pipeline Operator

The Cybersecurity and Infrastructure Security Agency released details about a ransomware attack on an undisclosed natural gas compression facility that deliberately shut down for two days in order to ensure control of operations.


“Although they considered a range of physical emergency scenarios, the victim’s emergency response plan did not specifically consider the risk posed by cyberattacks,” CISA said in an alert Tuesday. “The victim cited gaps in cybersecurity knowledge and the wide range of possible scenarios as reasons for failing to adequately incorporate cybersecurity into emergency response planning.”


CISA did not reveal any information regarding when the attack took place, but the cybersecurity firm Dragos “assesses with high confidence” that the event described was the same as a December attack on the Coast Guard.


CISA has been working to acquire more information on vulnerabilities from private-sector owners of critical infrastructure to glean patterns and inform long-term planning and mitigation measures across the ecosystem. 


The details of the attack in the Tuesday alert are key to developing the kind of metrics lawmakers such as Rep. Jim Langevin, D-R.I., have said are crucial for developing “evidence-based” cybersecurity policy and could become more standardized if recommendations from the Cyberspace Solarium are implemented.  


According to the CISA alert, the pipeline operator never lost control of operations. However, the operator opted to shut down operations for two days, leading to a loss of productivity and revenue.


The term “loss of productivity and revenue” is a technical one. It’s