Utilities under siege: What's being done to protect pipelines from threats

This browser does not support the video element.

The September 13 explosions and fires in the Merrimack Valley have raised serious questions about the safety of natural gas.

Lawrence Police Chief Roy Vasque briefly worried his city was under attack when hundreds of 911 calls flooded the department's dispatch center.

"I initially thought some type of domestic terrorism type of event. There was that thought in my mind, is this just going to keep happening, is this going to continue to the other sections of Lawrence." Chief Vasque told Boston 25 News.

The NTSB determined the catastrophe was the result of human error when high-pressure natural gas was released into a low-pressure gas distribution system.

But Boston 25 News has learned the initial terror concerns of Chief Vasque are shared in the highest levels of law enforcement.

Energy scholar calls cyber attack 'foreseeable'

There are 2.5 million miles of oil, gas and chemical pipelines in the U.S. and the vast majority of it is controlled by a computer.

Joe Dancy is the executive director of the Oil and Gas, Natural Resources, and Energy Center at the University of Oklahoma's College of Law in Norman, Oklahoma.

In the March 2017 edition of the OU College of Law's Oil and Gas, Natural Resources, and Energy Journal,  Dancy and a colleague highlighted concern over pipeline cybersecurity writing, "At the extreme end of the spectrum a large cyberattack... could bring about a collapse of society that most of us associate with apocalyptical scenarios."

"Today, it's very foreseeable that we will have some type of cyber impact." Dancy said in an interview with Boston 25 News adding, "If you wanted to create havoc in a city, what better way to do it then to either shut off the natural gas or to increase the pressure in the natural gas."

Millions of attempts made daily

There's never been a catastrophe from an attack on a pipeline or storage facility in the United States, but attempts have been made.

In September, Connecticut's Chief Cybersecurity Risk Officer Arthur H. House reported an increase in the volume and sophistication of hackers trying to breach the state's four public utilities.

In a letter to that state's governor, House noted "attempted penetration contacts varying from a few thousand to over 10 million a week."

In April, cyberattacks forced four U.S. pipeline companies to temporarily shut down their electronic systems for communicating with customers.

In March, the Trans-Alaska Oil Pipeline reported an average of 22 million attempted cyberattacks a day.

'We could do a lot of damage'

Adriel Desautels is the founder and CEO of Stowe, Mass.-based computer security firm Netragard. Companies looking to expose and fix vulnerabilities hire the former hacker to try and penetrate their networks.

Desautels says he’s successfully breached several energy clients.

"If we can do it other people can do it, right?  When we get into those systems if we are thinking along the lines of someone who wanted to cause damage we could cause a lot of damage," Desautels explained.

Senator Ed Markey, D-Mass., believes the Merrimack Valley disaster is a powerful wake-up call for utilities and the people who depend on them.

In June, Markey and Sen. Orrin Hatch, R-Utah, introduced the Promoting Good Cyber Hygiene Act. The bill would require federal authorities to monitor and set best practices for safeguarding against cyber attacks in the private sector.

"We have to ensure that each company has provided the highest level of security to make sure a terrorist cannot, in fact, take natural gas and turn it into a weapon against families in Massachusetts or any other parts of the country," Markey said.

This browser does not support the video element.