WASHINGTON, April 13 – Advanced hackers have shown they can take control of a range of devices that help run power plants and manufacturing facilities, the US government said in an alert on Wednesday, warning that cyber spies could damage critical infrastructure.
The US Cybersecurity and Infrastructure Security Agency (CISA) and other government agencies said in a joint advisory that the hackers’ malicious software could affect a type of device called programmable logic controllers made by Schneider Electric (SCHN.PA) and OMRON Corp (6645.T).
OMRON did not immediately return a message requesting comment. A Schneider spokesman confirmed that it had been working with US officials to defend against the hackers, calling it “an example of successful collaboration to mitigate threats to critical infrastructure before they emerge.”
The controllers are common across a variety of industries – from gas to food production plants – but Robert Lee, chief executive of cybersecurity firm Dragos, which helped uncover the malware, said researchers believed the hackers’ intended targets were liquefied natural gas and electrical systems.
In its warning, the agency urged critical infrastructure organizations, “especially energy sector organizations,” to implement a set of recommendations aimed at blocking and detecting the cyberweapon called Pipedream.
Although the government’s warning was vague — it didn’t say which hackers were behind the malware or whether it had actually been used — it sparked concern across the industry.
In a sign of how seriously the discovery was taken, CISA said it was making its announcement alongside the Department of Energy, the National Security Agency and the FBI.
Programmable logic controllers, or PLCs, are embedded in a large number of plants and factories, and any disruption to their operation can cause damage, from shutdowns and power outages to chemical leaks, destroyed equipment, or even explosions.
Lee said the tool developed by the mysterious hackers is “very powerful” and has likely been in the works for several years.
“It’s as dangerous as people make it out to be,” Lee said in an interview.
Western cybersecurity officials are already nervous about the Russian invasion of Ukraine and the use of malware aimed at causing power outages.
Sergio Caltagirone, vice president of threat intelligence at Dragos, said Pipedream can be understood as a “toolbox” of various hacking tools. Each component provides a different way of bypassing normal controls, giving hackers a variety of options for launching attacks.
For example, Caltagirone said that one of the tools in Pipedream would have allowed the attackers to damage Schneider Electric’s PLC to the point that it would have to be replaced entirely.
“Due to existing supply chain challenges, it could take longer to get replacement controllers after such an attack,” Caltagirone said. “That means a liquefied natural gas plant could be out of service for months.”
Reporting by Christopher Bing and Raphael Satter in Washington and James Pearson in London; additional reporting by Matthieu Protard in Paris; Editing by Leslie Adler and Howard Goller