Only took 1 Cyber attack

You have to understand the process safety implications of changing some of these systems are major. I'm a mechanical engineer and I project managed a major upgrade that involved mechanical, instrumentation and control works. One of the hardest parts was the safety case for moving from the old "ok at time of installation" control system to the new. Because you are making an active change you have to demonstrate due diligence in a way you don't for legacy systems.

For instance, nuclear reactors the world over are running on software platforms that were obsolete decades ago because it is too difficult to demonstrate you have managed all the risks on an upgraded system.

In a general sense obsolete platforms for control systems are a problem, but it's more than just laziness and penny pinching; there are genuine technical and regulatory challenges.
 
Did my first trip qualified with one of the big container lines on a ship built at a South Korean yard in 2011. I was rather dismayed to see that the IAS software that we used in the engine room was running on a late 90’s vintage Pentium 4 PC using Windows 98 SE. And yes, we did get the blue screen of death.

The worst was when it happened while transferring fuel from the storage tanks to the settling tanks, as whoever set the system up programmed the remote hydraulically operated valves to close by default if they lost their control signal. Meanwhile, the transfer pump, which was a positive displacement pump, would keep running. The only way to stop it while the system rebooted was to run down to the switchboard room and throw open the breaker for the pump, and just pray that you’d either done it in time before anything in the pipeline overpressured and burst, or that the safety valve on the pump had worked as intended. :eek:
 
No petrol in about 5 of the 7 stations I passed on the way back home from Costco this morning. Costco had just had a delivery and there were around 100 cars in line waiting for fuel. South east USA has been screwed by 1 cyber attack, wonder what would happen if they took down the grid. Looks like we're in for an interesting year again.

Sorry, I can't hear you over the sound of my smugness as I plug in my Tesla.

(please don't hack the power grid, please don't hack the power grid, please don't hack the power grid....)
 
Did my first trip qualified with one of the big container lines on a ship built at a South Korean yard in 2011. I was rather dismayed to see that the IAS software that we used in the engine room was running on a late 90’s vintage Pentium 4 PC using Windows 98 SE. And yes, we did get the blue screen of death.

The worst was when it happened while transferring fuel from the storage tanks to the settling tanks, as whoever set the system up programmed the remote hydraulically operated valves to close by default if they lost their control signal. Meanwhile, the transfer pump, which was a positive displacement pump, would keep running. The only way to stop it while the system rebooted was to run down to the switchboard room and throw open the breaker for the pump, and just pray that you’d either done it in time before anything in the pipeline overpressured and burst, or that the safety valve on the pump had worked as intended. :eek:

I was on a catamaran once and noticed their main systems were running Windows ME! and at least one of them was sitting on a BSOD. That didn't exactly inspire me.
 
No petrol in about 5 of the 7 stations I passed on the way back home from Costco this morning. Costco had just had a delivery and there were around 100 cars in line waiting for fuel. South east USA has been screwed by 1 cyber attack, wonder what would happen if they took down the grid. Looks like we're in for an interesting year again.

Gus Gorman. :cry:

 
So it looks like they paid the ransom.

Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom
https://www.bloomberg.com/news/arti...eline-paid-hackers-nearly-5-million-in-ransom

Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier this week that the company had no intention of paying an extortion fee to help restore the country’s largest fuel pipeline, according to two people familiar with the transaction.

If these companies aren't willing or are unable to upgrade their security, then they need to make sure 1. the network is away from the general Internet, and 2. make efforts to stop in-person attacks, i.e. someone plugging an infected USB into one of the computers.
 
If these companies aren't willing or are unable to upgrade their security, then they need to make sure 1. the network is away from the general Internet, and 2. make efforts to stop in-person attacks, i.e. someone plugging an infected USB into one of the computers.

This situation then wouldn't exist. Not going to happen.

At the end of the day it costs money for security experts but they've got no issue forking out ransom money. :cry:
 
Soo for once this is actually my area of expertise!

The main issue here isn't the software or the operating system, it is the staff. The majority of the staff are barely computer literate, to the point they would plug personal USB sticks into air gapped systems or worse plug their phones....

Hence there has been a big push on limitation of access, minimum USB blockers on every port to removal of servers and computers from general access i.e. places in different areas of the building or locked away with individual keyed padlocks.

What's been affected here is the outstations, these tend to be basic DCs or PLCs with an HMI, they tend to communicate with a control room via a satellite system with a backup phone line. These are usually encoded and have to go through a programmed switch which identifies what is attached so prevents unknown sources joining a network.

These RTUs do not control safety systems, all safety systems should be air gapped bar analogue and DC signals, so if an RTU is hacked then the safety system cannot be affected by outside influences. Safety systems such as slamshuts for over pressurisation should be fully mechanical, i.e. no electrical signals triggering it. These are covered under the PSSR regulations.

The other issue is that the control systems are all running on old operating systems, majority are running on Windows XP...
The annoying thing is the majority of PLC control systems have a Linux version but there is a large fear of the unknown, if it hasn't already been installed then no one wants to do it. Hell, running Windows XP in a virtual machine is seen as extreme.

There are a few companies that produce a fully custom Linux control system but they lock you into a certain PLC which means third party suppliers are locked out so you end up paying £2k for an 8 input analogue input card.

I assume that the hackers have shut certain valves while informing the control room they were open or infected a compressor station and are unable to pull the oil from the terminal. If it was just the pipeline then they could just open the valves and do daily checks or 24 hour man it. If it's a compressor station you could technically run it in manual but it would not be safe.
 
If these companies aren't willing or are unable to upgrade their security, then they need to make sure 1. the network is away from the general Internet, and 2. make efforts to stop in-person attacks, i.e. someone plugging an infected USB into one of the computers.
It's probably cheaper for them to just pay a ransom until it happens enough times.
 
Would have been cheaper to pay for a backup system and maybe some redundancy though :p

Sorry, I can't hear you over the sound of my smugness as I plug in my Tesla.

(please don't hack the power grid, please don't hack the power grid, please don't hack the power grid....)

Don't need to hack the power grid, only the cloud system Teslas are connected to and push out some malware :D
 
Just proves what a great idea having voting machines connected to the internet is. They're totally secure though according to the Democrats and corporate media who spent 4 years claiming that the 2016 election was rigged.

Still trying to sell the Big Lie I see. These systems that Republicans put in place in many States only became an issue when Trump started saying he could only lose to fraud and then when he did lose it's fraud. Maybe the Dems should pass a new voting rights act that has paper ballots for everyone, automatic voter registration, mail in voting by default, the more people that vote, the stronger the democracy.

As for this story, this is what happens when the private sector isn't properly regulated. They should be forced to meet a certain standard of security and if that standard isn't high enough right now it should be raised. If some hackers can get in, you can guarantee America's enemies can.
 
Would have been cheaper to pay for a backup system and maybe some redundancy though :p
It’s easy to say that now, but to an accountant that stuff all costs money and ‘it might never happen’. At least that’s how most firms with accountants in charge look at it. No doubt there are CTOs in board meetings worldwide almost daily asking for upgrades and resilience and being told there’s no budget for it or it’s too expensive. Then being blamed when something like this happens.
 
After looking at pictures of people making it worse by filling water butts, oil drums and even plastic bags with petrol... I just give up with humans lol. Literally made the situation from a minor inconvenience to a massive problem in places like Georgia and Virginia.
Exactly the same happened here when we had the fuel blockades back in the day, people went crazy waiting for hours to fill up a car they did 20 miles a week in. The situation was utterly bonkers but people love a good panic buy, this time it was petrol instead of loo roll!
 
the funniest thing I found about the petrol shortage attack .......
the pumping stuff was all working fine .......... the ability to monitor and bill for the amounts used was taken out
so the company themselves cut off supplies
 