Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations cowski on being selected by the Eng-Tips community for having the most helpful posts in the forums last week. Way to Go!
Petrolem Pipeline Hack 7
- Thread starter hacksaw
- Start date
JohnRBaker
Mechanical
Cyber attack shuts down top U.S. fuel pipeline network
John R. Baker, P.E. (ret)
EX-'Product Evangelist'
Irvine, CA
Siemens PLM:
UG/NX Museum:
The secret of life is not finding someone to live with
It's finding someone you can't live without
John R. Baker, P.E. (ret)
EX-'Product Evangelist'
Irvine, CA
Siemens PLM:
UG/NX Museum:
The secret of life is not finding someone to live with
It's finding someone you can't live without
Custody transfer is computerized, so either total chaos, or surreptitious changes of recipients.
TTFN (ta ta for now)
I can do absolutely anything. I'm an expert! faq731-376 forum1529 Entire Forum list
TTFN (ta ta for now)
I can do absolutely anything. I'm an expert! faq731-376 forum1529 Entire Forum list
Custody transfer must interact with the markets where customers reserve product delivery. So complete separation of IT and OT is not possible.
This makes securing the system a more complex problem.
The need for pipeline operators to pay attention has been identified for some time.
Pipeline Cybersecurity Initiative, Cybersecurity & Infrastructure Security Agency
This article is has some details about the attack.
Colonial Hackers Stole Data Thursday Ahead of Shutdown; Bloomberg, Cybersecurity By Jordan Robertson and William Turton, May 8, 2021, 10:57 PM EDT. Updated on May 8, 2021, 11:59 PM EDT
This makes securing the system a more complex problem.
The need for pipeline operators to pay attention has been identified for some time.
Pipeline Cybersecurity Initiative, Cybersecurity & Infrastructure Security Agency
This article is has some details about the attack.
Colonial Hackers Stole Data Thursday Ahead of Shutdown; Bloomberg, Cybersecurity By Jordan Robertson and William Turton, May 8, 2021, 10:57 PM EDT. Updated on May 8, 2021, 11:59 PM EDT
When IT holds all the virtual keys to the castle and the moat is only full of virtual water.
Statements above are the result of works performed solely by my AI providers.
I take no responsibility for any damages or injuries of any kind that may result.
Statements above are the result of works performed solely by my AI providers.
I take no responsibility for any damages or injuries of any kind that may result.
![[poke]](/data/assets/smilies/poke.gif "[poke] [poke]")
electricpete
Electrical
> How can a modern system, like this be hacked?
It seems in general over the last 20 years we have been very quick to take advantage of expanding digital capabilities in many areas, especially internet based commerce. But cyber security measures often have not kept pace with that expansion and cyber attackers have continued to refine their craft. We now find ourselves very dependent on a fragile cyber infrastructure.
That's just my general comment / perception about the state of things today, I have no insight into the gas pipeline situation.
=====================================
(2B)+(2B)' ?
It seems in general over the last 20 years we have been very quick to take advantage of expanding digital capabilities in many areas, especially internet based commerce. But cyber security measures often have not kept pace with that expansion and cyber attackers have continued to refine their craft. We now find ourselves very dependent on a fragile cyber infrastructure.
That's just my general comment / perception about the state of things today, I have no insight into the gas pipeline situation.
=====================================
(2B)+(2B)' ?
LittleInch
Petroleum
The clue is in the "modern system" bit. My guess is that the PC's that run the system probably run WIN95 or even earlier operating systems, long since given up by MS. Even Windows XP is no longer supported or patched.
The system probably still worked and so long as you didn't fiddle with it it just kept rolling along and avoided needing to change the bespoke software for all of the Microsoft changes in operating systems.
Remember - More details = better answers
Also: If you get a response it's polite to respond to it.
The system probably still worked and so long as you didn't fiddle with it it just kept rolling along and avoided needing to change the bespoke software for all of the Microsoft changes in operating systems.
Remember - More details = better answers
Also: If you get a response it's polite to respond to it.
electricpete,
I think your general comment is quite relevant. Every company, even banks, say they care about cyber security but spend almost nothing on it compared to everything else. And why should they? They get slapped with a comically small fine and the public quickly forgets about the millions of accounts with compromised data.
I think your general comment is quite relevant. Every company, even banks, say they care about cyber security but spend almost nothing on it compared to everything else. And why should they? They get slapped with a comically small fine and the public quickly forgets about the millions of accounts with compromised data.
MacGyverS2000
Electrical
I'd say XP is the more likely candidate...LittleInch said:
Dan - Owner
I think the problem is the result of getting the commercial end to electronically interface with the operational end, then they fire the data entry clerk that previously acted as an air gap between the two.
Even I keep one computer entirely off the net. Sometimes a PIA, but it works. Its never been hacked.
Statements above are the result of works performed solely by my AI providers.
I take no responsibility for any damages or injuries of any kind that may result.
Even I keep one computer entirely off the net. Sometimes a PIA, but it works. Its never been hacked.
Statements above are the result of works performed solely by my AI providers.
I take no responsibility for any damages or injuries of any kind that may result.
JohnRBaker
Mechanical
Our youngest son works for a company that provides recovery and remediation services for companies to protect their networks and servers. He said it's amazing how many companies just assume that it will never happen to them. He also said that technology is getting too good, that it's actually hurting companies and industry. Back when disk failures were common, everybody did daily and weekly backups. Now people think that, Oh, I have a mirror server on our network so we're good to go, not realizing that if their network gets hacked both the primary and the mirror servers are in jeopardy. He said that his company is getting rich in the current environment, and he's not doing too bad himself as he gets a salary plus a percentage of his billable hours (he also managed to get a job for his girlfriend working as a project coordinator, not actual IT work, more making sure that the customer is getting the answers that they need).
John R. Baker, P.E. (ret)
EX-'Product Evangelist'
Irvine, CA
Siemens PLM:
UG/NX Museum:
The secret of life is not finding someone to live with
It's finding someone you can't live without
John R. Baker, P.E. (ret)
EX-'Product Evangelist'
Irvine, CA
Siemens PLM:
UG/NX Museum:
The secret of life is not finding someone to live with
It's finding someone you can't live without
You must be referring to hacking technology, because it does not seem to be the reverse. The more they build, the more holes they seem to have. And they have holes that they claim they don't know about and reward white hats to find them, then they don't even patch them until the exploits are discovered and attacked and now have to rely on the FBI to mop up their mess. All the GOV soldiers can't even keep them at bay anymore. Its a total disgrace, to coin a phrase.
I agree with the rest. The company IT guys can hardly add a new user, never mind actually fix anything. If DOE etc. can't even keep them away, what chance do the rest of us have.
Look at the bright side. We will get to see what happens when there is no more gasoline on the east coast.
Statements above are the result of works performed solely by my AI providers.
I take no responsibility for any damages or injuries of any kind that may result.
I agree with the rest. The company IT guys can hardly add a new user, never mind actually fix anything. If DOE etc. can't even keep them away, what chance do the rest of us have.
Look at the bright side. We will get to see what happens when there is no more gasoline on the east coast.
Statements above are the result of works performed solely by my AI providers.
I take no responsibility for any damages or injuries of any kind that may result.
MacGyverS2000
Electrical
As an east-coaster, I'm not looking forward to any such thing1503-44 said:
![[3eyes]](/data/assets/smilies/3eyes.gif "[3eyes] [3eyes]")
I was in FL when one of the big ones hit the coast, and lines at the gas stations were hours-long fiascos.Dan - Owner
From the news..."The FBI has confirmed that the Russian criminal gang known as DarkSide are responsible for the attack that shut down America's largest fuel pipeline four days ago and sent gas prices surging - as experts fear the attack could turn a 'cyber disaster into a real-world catastrophe'.
The attack on Colonial Pipeline, which runs from Texas to New Jersey and transports 45 percent of the East Coast's fuel supply, is the largest assault on US energy infrastructure in history and has sent shockwaves across the industry."
It may not be a Russian criminal gang that did it. They've confirmed wrong stuff before... but where there's smoke...
Rather than think climate change and the corona virus as science, think of it as the wrath of God. Feel any better?
-Dik
The attack on Colonial Pipeline, which runs from Texas to New Jersey and transports 45 percent of the East Coast's fuel supply, is the largest assault on US energy infrastructure in history and has sent shockwaves across the industry."
It may not be a Russian criminal gang that did it. They've confirmed wrong stuff before... but where there's smoke...
Rather than think climate change and the corona virus as science, think of it as the wrath of God. Feel any better?
-Dik
oldfieldguy
Electrical
Interesting that one reaction from the present administration is to loosen some regulations on trucking to alleviate the possible shortfalls.
Numbers I get is that the pipe was doing 2.5 million barrels a day. At 42 gallons per barrel, that's 105 million gallons. Thinking that most of the trucks I see can do 7000 gallons, that's mere 15,000 trucks hauling to bypass the pipe.
Wanna be a truck driver?
old field guy
Numbers I get is that the pipe was doing 2.5 million barrels a day. At 42 gallons per barrel, that's 105 million gallons. Thinking that most of the trucks I see can do 7000 gallons, that's mere 15,000 trucks hauling to bypass the pipe.
Wanna be a truck driver?
old field guy
There is a critical shortage of tanker drivers already. It apparently requires too much know how, training and paperwork. Trucks are available.
Statements above are the result of works performed solely by my AI providers.
I take no responsibility for any damages or injuries of any kind that may result.
Statements above are the result of works performed solely by my AI providers.
I take no responsibility for any damages or injuries of any kind that may result.
From another source, "The FBI confirmed Monday that the culprit is a strain of ransomware called DarkSide, believed to be operated by a Russian cybercrime gang referred to by the same name." ... there's that 'believed to be'... all over again. You have no idea of what was actually said. The FBI may have said something, the politicians say another and the newsguys say something else... gets more and more confusing.
Rather than think climate change and the corona virus as science, think of it as the wrath of God. Feel any better?
-Dik
Rather than think climate change and the corona virus as science, think of it as the wrath of God. Feel any better?
-Dik
- Status
Similar threads
- Locked
- News
- Locked
- Question