Petrolem Pipeline Hack 7

hacksaw · May 8, 2021

How can a modern system, like this be hacked? Do they need to go back to pneumatic controls?

dik · May 8, 2021

Is there a link?

Rather than think climate change and the corona virus as science, think of it as the wrath of God. Feel any better?

-Dik

JohnRBaker · May 8, 2021

Cyber attack shuts down top U.S. fuel pipeline network

https://news.trust.org/item/20210508152642-o9z7n

John R. Baker, P.E. (ret)
EX-'Product Evangelist'
Irvine, CA
Siemens PLM:
UG/NX Museum:

The secret of life is not finding someone to live with
It's finding someone you can't live without

IRstuff · May 8, 2021

Custody transfer is computerized, so either total chaos, or surreptitious changes of recipients.

TTFN (ta ta for now)
I can do absolutely anything. I'm an expert!

https://www.youtube.com/watch?v=BKorP55Aqvg

faq731-376 forum1529 Entire Forum list

http://www.eng-tips.com/forumlist.cfm

FacEngrPE · May 9, 2021

Custody transfer must interact with the markets where customers reserve product delivery. So complete separation of IT and OT is not possible.
This makes securing the system a more complex problem.

The need for pipeline operators to pay attention has been identified for some time.
Pipeline Cybersecurity Initiative, Cybersecurity & Infrastructure Security Agency

This article is has some details about the attack.
Colonial Hackers Stole Data Thursday Ahead of Shutdown; Bloomberg, Cybersecurity By Jordan Robertson and William Turton, May 8, 2021, 10:57 PM EDT. Updated on May 8, 2021, 11:59 PM EDT

1503-44 · May 9, 2021

When IT holds all the virtual keys to the castle and the moat is only full of virtual water.

Statements above are the result of works performed solely by my AI providers.
I take no responsibility for any damages or injuries of any kind that may result.

FacEngrPE · May 10, 2021

US Scrambles to Keep Fuel Flowing After Pipeline Cyberattack. Russian Cybercriminals Suspected (slashdot - bbc.com)
A major U.S. pipeline is still mostly shut due to a cyberattack. Here’s what you need to know; Published Mon, May 10 20216:26 AM EDT Abigail Ng. CNBC

OUCH [poke]

electricpete · May 10, 2021

> How can a modern system, like this be hacked?

It seems in general over the last 20 years we have been very quick to take advantage of expanding digital capabilities in many areas, especially internet based commerce. But cyber security measures often have not kept pace with that expansion and cyber attackers have continued to refine their craft. We now find ourselves very dependent on a fragile cyber infrastructure.

That's just my general comment / perception about the state of things today, I have no insight into the gas pipeline situation.

=====================================
(2B)+(2B)' ?

LittleInch · May 10, 2021

The clue is in the "modern system" bit. My guess is that the PC's that run the system probably run WIN95 or even earlier operating systems, long since given up by MS. Even Windows XP is no longer supported or patched.

The system probably still worked and so long as you didn't fiddle with it it just kept rolling along and avoided needing to change the bespoke software for all of the Microsoft changes in operating systems.

Remember - More details = better answers
Also: If you get a response it's polite to respond to it.

RVAmeche · May 10, 2021

electricpete,

I think your general comment is quite relevant. Every company, even banks, say they care about cyber security but spend almost nothing on it compared to everything else. And why should they? They get slapped with a comically small fine and the public quickly forgets about the millions of accounts with compromised data.

MacGyverS2000 · May 10, 2021

LittleInch said:
My guess is that the PC's that run the system probably run WIN95 or even earlier operating systems, long since given up by MS.

I'd say XP is the more likely candidate...

Dan - Owner

http://www.Hi-TecDesigns.com

1503-44 · May 10, 2021

I think the problem is the result of getting the commercial end to electronically interface with the operational end, then they fire the data entry clerk that previously acted as an air gap between the two.

Even I keep one computer entirely off the net. Sometimes a PIA, but it works. Its never been hacked.

Statements above are the result of works performed solely by my AI providers.
I take no responsibility for any damages or injuries of any kind that may result.

JohnRBaker · May 10, 2021

Our youngest son works for a company that provides recovery and remediation services for companies to protect their networks and servers. He said it's amazing how many companies just assume that it will never happen to them. He also said that technology is getting too good, that it's actually hurting companies and industry. Back when disk failures were common, everybody did daily and weekly backups. Now people think that, Oh, I have a mirror server on our network so we're good to go, not realizing that if their network gets hacked both the primary and the mirror servers are in jeopardy. He said that his company is getting rich in the current environment, and he's not doing too bad himself as he gets a salary plus a percentage of his billable hours (he also managed to get a job for his girlfriend working as a project coordinator, not actual IT work, more making sure that the customer is getting the answers that they need).

John R. Baker, P.E. (ret)
EX-'Product Evangelist'
Irvine, CA
Siemens PLM:
UG/NX Museum:

The secret of life is not finding someone to live with
It's finding someone you can't live without

1503-44 · May 10, 2021

You must be referring to hacking technology, because it does not seem to be the reverse. The more they build, the more holes they seem to have. And they have holes that they claim they don't know about and reward white hats to find them, then they don't even patch them until the exploits are discovered and attacked and now have to rely on the FBI to mop up their mess. All the GOV soldiers can't even keep them at bay anymore. Its a total disgrace, to coin a phrase.

I agree with the rest. The company IT guys can hardly add a new user, never mind actually fix anything. If DOE etc. can't even keep them away, what chance do the rest of us have.

Look at the bright side. We will get to see what happens when there is no more gasoline on the east coast.

Statements above are the result of works performed solely by my AI providers.
I take no responsibility for any damages or injuries of any kind that may result.

MacGyverS2000 · May 10, 2021

1503-44 said:
Look at the bright side. We will get to see what happens when there is no more gasoline on the east coast.

As an east-coaster, I'm not looking forward to any such thing [3eyes]

I was in FL when one of the big ones hit the coast, and lines at the gas stations were hours-long fiascos.

Dan - Owner

http://www.Hi-TecDesigns.com

dik · May 10, 2021

From the news..."The FBI has confirmed that the Russian criminal gang known as DarkSide are responsible for the attack that shut down America's largest fuel pipeline four days ago and sent gas prices surging - as experts fear the attack could turn a 'cyber disaster into a real-world catastrophe'.

The attack on Colonial Pipeline, which runs from Texas to New Jersey and transports 45 percent of the East Coast's fuel supply, is the largest assault on US energy infrastructure in history and has sent shockwaves across the industry."

It may not be a Russian criminal gang that did it. They've confirmed wrong stuff before... but where there's smoke...

Rather than think climate change and the corona virus as science, think of it as the wrath of God. Feel any better?

-Dik

oldfieldguy · May 10, 2021

Interesting that one reaction from the present administration is to loosen some regulations on trucking to alleviate the possible shortfalls.

Numbers I get is that the pipe was doing 2.5 million barrels a day. At 42 gallons per barrel, that's 105 million gallons. Thinking that most of the trucks I see can do 7000 gallons, that's mere 15,000 trucks hauling to bypass the pipe.

Wanna be a truck driver?

old field guy

1503-44 · May 10, 2021

There is a critical shortage of tanker drivers already. It apparently requires too much know how, training and paperwork. Trucks are available.

Statements above are the result of works performed solely by my AI providers.
I take no responsibility for any damages or injuries of any kind that may result.

dik · May 10, 2021

Great commentary OFG...

Rather than think climate change and the corona virus as science, think of it as the wrath of God. Feel any better?

-Dik

dik · May 10, 2021

From another source, "The FBI confirmed Monday that the culprit is a strain of ransomware called DarkSide, believed to be operated by a Russian cybercrime gang referred to by the same name." ... there's that 'believed to be'... all over again. You have no idea of what was actually said. The FBI may have said something, the politicians say another and the newsguys say something else... gets more and more confusing.

Rather than think climate change and the corona virus as science, think of it as the wrath of God. Feel any better?

-Dik

Eng-Tips is the largest engineering community on the Internet

Intelligent Work Forums for Engineering Professionals

Petrolem Pipeline Hack 7

Mechanical

Recommended for you

Structural

Mechanical

Aerospace

Mechanical

Petroleum

Mechanical

Electrical

Petroleum

Mechanical

Electrical

Petroleum

Mechanical

Petroleum

Electrical

Structural

Electrical

Petroleum

Structural

Structural

Similar threads

Log in

Part and Inventory Search

Sponsor