Cyberattack Forces Closure of Largest U.S. Refined-Fuel Pipeline

[Dinglenutz]

There is little excuse for mission critical systems to have internet access in 2020 and beyond. In fact it was never a good idea but one would think the lesson was learned.

 

[The Heretic]

There is little excuse for mission critical systems to have internet access in 2020 and beyond. In fact it was never a good idea but one would think the lesson was learned.

For control, which was apparently exposed in some fashion, agreed.

A dashboard for status/alerts could have been fashioned in a secure manner though. I imagine that the control system probably needed remote control for sensors/controls along the pipeline - but a private VPN/etc. could be used for that purpose and should be secure enough to prevent intrusion.

My guess is that somebody somewhere decided they did not want to pay for 24/7/365 onsite monitoring and control, so they allowed for remote control and paid less for someone to be on call with immediate remote access (probably necessary to control spills/etc. as quickly as possible).

 

[nammac]

As of 16:00 PDT the pipelines full operation has been restored, spokesperson said it could take a week or more before the supply to gas stations were at normal standard operations...

 

[po18guy]

So that explains why gas price and availability are now = ammo?

 

[Foreverlost]

For control, which was apparently exposed in some fashion, agreed.

A dashboard for status/alerts could have been fashioned in a secure manner though. I imagine that the control system probably needed remote control for sensors/controls along the pipeline - but a private VPN/etc. could be used for that purpose and should be secure enough to prevent intrusion.

My guess is that somebody somewhere decided they did not want to pay for 24/7/365 onsite monitoring and control, so they allowed for remote control and paid less for someone to be on call with immediate remote access (probably necessary to control spills/etc. as quickly as possible).

Chiming in: Yup to the word "control". Nope to the use of a VPN..............useless.
So first look up, search for Distributed Control System; DCS. Then down one rung on the ladder, Programable Logic Controller; PLC. Last stop Human Machine Interface; HMI.

There are just a few companies that manufacture a DCS. That means just about every country has many and can program them & hack them. Your search should of found Siemens, ABB, Honeywell & a few others. I've played with some of these and the function code language, script, ladder logic isn't that hard to learn. Down a rung............PLC's: Bristol Babcock, Allen Bradley, are some that still rings bells. Easy......Peasy. Bottom rung HMI's: good old Microsoft PC, maybe a few Unix based oldie moldies.

A pipeline that long has a DCS somewhere doing the lion's share of work. Lateral line splitting off to different customers will have a control station and most likely a PLC. The human part is some operator sitting in front of a HMI in a control room, thousands of miles away from the action.

The bean counters for decades have been cutting the human factor out of the picture as much as possible. That leave a big hole for hackers. The lateral line stations are interesting targets. In the past, employees with an axe to grind have been known to insert a line of code/bug for grins & giggles. (seen that one several times) Our IT required equipment to be sent back to their location without prior notice. They checked it for virus, bugs, malware, & porn of all things. Never ever use a company laptop on the internet: N...E...V...E...R!!!! Seen some great talent hit the bricks for porn on their laptops.

Big game of cat & mouse! Foreign countries and hackers have 24 hours every day to find a crack in the wall or a willing employee.

Foreverlost,

 

[po18guy]

Only self-contained, stand alone can be "reasonably" secured. For all we know, it could have been a ransom attack - inside job even.

 

[The Heretic]

Chiming in: Yup to the word "control". Nope to the use of a VPN..............useless.

I should have said private dedicated line - that is what I meant.

Not an IT guy - I just write code.

 

[Foreverlost]

I should have said private dedicated line - that is what I meant.

Not an IT guy - I just write code.

Considering the length of Colonial's pipeline, my money is on the internet in some form. Some of our sites were close enough a dedicated T1 line was used between them. Been a few years since way back then.

Looking at this evening's propaganda, I'd venture to say their billing might of been a target or part of the hack. That info is usually computed elsewhere and more secure, with backup. Colonial has a very good idea how much product was in the pipeline and where. Don't have a clue about their pipeline,,,,,,,,,but a team of instrument techs and cell phones could get-r-flowing again. But a pain in the back side if the $$$ aren't counted.

What a mess................

 

[Dinglenutz]

My guess is that somebody somewhere decided they did not want to pay for 24/7/365 onsite monitoring and control, so they allowed for remote control and paid less for someone to be on call with immediate remote access (probably necessary to control spills/etc. as quickly as possible).

That's fine. Ish.

Just make sure NONE of those computers can connect to the internet. Just to each other via a dedicated VPN. Disable USB storage, etc. This isn't uncharted territory.

 

[Ridge Walker]

That's fine. Ish.

Just make sure NONE of those computers can connect to the internet. Just to each other via a dedicated VPN. Disable USB storage, etc. This isn't uncharted territory.

Kind a like voting machines. Just saying.

 

[Lennie]

Good Word News | an integrated news site covering all the news from all over the world, with a new vision that covers all the news as it happens from our different sources.

an integrated news site covering all the news from all over the world, with a new vision that covers all the news as it happens from our different sources.

goodwordnews.com

Some the states claim they are going after price gougers who charge extra for fuel. Seriously, why can't they go after gougers who are over charging for primers and ammo?

 

[The Heretic]

Good Word News | an integrated news site covering all the news from all over the world, with a new vision that covers all the news as it happens from our different sources.

an integrated news site covering all the news from all over the world, with a new vision that covers all the news as it happens from our different sources.

goodwordnews.com

Some the states claim they are going after price gougers who charge extra for fuel. Seriously, why can't they go after gougers who are over charging for primers and ammo?

Because they do not consider ammo and reloading supplies to be emergency commodities necessary for everyday life?

 

[Dinglenutz]

Apparently the control systems WERE isolated, the corporate systems (Marcie in HR) were infected and they shut it all down in a panic just to be safe.

 

[The Heretic]

 

[po18guy]

View attachment 882445

Wasn't that Tiny Dim from Dickens' "A Crisis Carol"?

 

[2001dram]

I believe nothing on the news these days i. I would not be surprised if the "hack" ever happened . sure hacks happen buy why would the tell the people. these days i feel every thing has an agenda.

 

[Xaevian]

Wasn't that Tiny Dim from Dickens' "A Crisis Carol"?

Oh, the layers!

 

[The Heretic]

Wasn't that Tiny Dim from Dickens' "A Crisis Carol"?

Oliver Twist

 

[The Heretic]

‘Do not fill plastic bags with gasoline’ U.S. warns as shortages grow

The U.S. Consumer Product Safety Commission on Wednesday warned Americans to not fill plastic bags with gasoline as fuel shortages worsened for a sixth day and consumers raced to secure supplies.

www.reuters.com

 

[Provincial]

One thing that I have not seen is an analysis that addresses the concentration of business in the US. The government has allowed this concentration by redefining the terms of "monopoly" to the point that it allows a single company to control critical sectors of our economy.

From a strategic defense standpoint, no single pipeline should have carried the entire flow of fuel to such a large area. Notwithstanding the lack of competition, having only one pipeline allows one accident or attack to cut off fuel to a large geographic area. This should have never been allowed.

I don't know when the antitrust regulators went off the tracks, but I had first hand experience with this during the Clinton Administration. At that time, the FTC contact I had explained that companies were allowed to combine into monopolies as long as the consumer did not pay higher prices. As it turned out, they did not follow up on this, and within a few years, the consumers of this product were paying considerably higher prices!

Anyway, when dealing with strategic (economic, as well as military) assets, it is foolish to put all your eggs in one basket. (insert disgusted smiley here)