May 08, 2021
Invest in Physical Petrol
...if you're on the East Coast of the U.S.
There has been a cyber-attack that has shut down over half of the oil flowing into the East Coast from Texas. The Pennsylvania fields alone can't carry the load and so if its not resolved by tomorrow night there will be shortages in very short order. This appears to be a ransomware attack and this may be the most consequential one ever.
Picture is (hopefully) unrelated:
I'm curious if the IT professionals in the audience have anything to add.
UPDATE:
Via Pixy comes this article with a map of the affected area. Note that amongst the many affected parties are the big military fuel depots. The U.S. Navy's in Yorktown (servicing Norfolk), The Army Transportation Command at Fort Eustis, and Langley Air Force Base.
Posted by: The Brickmuppet at
11:34 PM
| Comments (3)
| Add Comment
Post contains 137 words, total size 2 kb.
1
Not IT or a security professional.
a) What the h#ll?
b) Industrial controllers are not exactly a standard high profile malware target.
c) Walt Boyes is/was a journalist in controls, and had a security philosophy for industrial systems. IIRC, and if I understood it, he thought the standard IT reflexive 'shut it down' was the wrong default.
d) Hearsay is that industrial controls, etc., are extremely vulnerable targets.
e) This is odd for a ransom target. You might need to be smart to put together a reliable exploit for a given system. It would make sense to also pick targets that can and will pay, versus targets that won't, and will get you hunted down.
f) Current situation has a lot of unpleasant and scummy things being done, including with tech. Seems to be 'social disorder' driving it.
Posted by: PatBuckman at Sun May 9 00:07:03 2021 (6y7dz)
2
Might not even have been specifically targeted, but a bored pipeline controller may have been browsing where he shouldn't have.
Posted by: Mauser at Sun May 9 10:00:10 2021 (Ix1l6)
3
Possibly.
Basic problem here is that you probably want at least three layers of abstraction in the software set up, and integrating everything means that the company's answer is likely unique. Not everyone is going to have the experts/stubborn people to make sure it is done right.
At the level of the valves, you are talking about a PLC, or someone out there turning the things manually.
You need one level of interface for technical oversight. Unexpected pressure changes, etc. If you have a lot of this farmed out to a bunch of hourly folks, you will sooner or later have problems because of HR cutting corners. But automating everything means that the system doesn't have the ability to handle anything the engineers did not tell the programmers about. You want the engineers and programmers to have worked together to reliably get the information to trained operators. (You would also want technicians on site in various locations, for maintenance and service.) The operators should be busy with their displays, and definitely should not have unlimited access to the internet.
I expect that part of the problem here is the lockdown. 'Temporarily' shifting duties in a way that wouldn't cause obvious problems in the short term, but in the long term resulted in a problematic kludge. Though, this may be excessive optimism on my part in basic organizational competence.
Third layer is the business side. How much product comes from which supplier, and distributed to which customer. There needs to be a way to decide on contracts, and implement them.
Anyway, I am only at the 'cat is C A T' level with this stuff, so I dunno.
It seems clear that an important business priority was screwed up, so we are profoundly spoiled for choice.
Basic problem here is that you probably want at least three layers of abstraction in the software set up, and integrating everything means that the company's answer is likely unique. Not everyone is going to have the experts/stubborn people to make sure it is done right.
At the level of the valves, you are talking about a PLC, or someone out there turning the things manually.
You need one level of interface for technical oversight. Unexpected pressure changes, etc. If you have a lot of this farmed out to a bunch of hourly folks, you will sooner or later have problems because of HR cutting corners. But automating everything means that the system doesn't have the ability to handle anything the engineers did not tell the programmers about. You want the engineers and programmers to have worked together to reliably get the information to trained operators. (You would also want technicians on site in various locations, for maintenance and service.) The operators should be busy with their displays, and definitely should not have unlimited access to the internet.
I expect that part of the problem here is the lockdown. 'Temporarily' shifting duties in a way that wouldn't cause obvious problems in the short term, but in the long term resulted in a problematic kludge. Though, this may be excessive optimism on my part in basic organizational competence.
Third layer is the business side. How much product comes from which supplier, and distributed to which customer. There needs to be a way to decide on contracts, and implement them.
Anyway, I am only at the 'cat is C A T' level with this stuff, so I dunno.
It seems clear that an important business priority was screwed up, so we are profoundly spoiled for choice.
Posted by: PatBuckman at Sun May 9 11:18:46 2021 (6y7dz)
35kb generated in CPU 0.0167, elapsed 0.367 seconds.
71 queries taking 0.3575 seconds, 360 records returned.
Powered by Minx 1.1.6c-pink.
71 queries taking 0.3575 seconds, 360 records returned.
Powered by Minx 1.1.6c-pink.
