Colonial Pipeline stopping all operations due to cyberattack

Oh boy this will be fun. They just set up encryption on our work computers this week and have done several things already to increase security. I am sure this will make for more fun stuff to come.
 

The systems that run it could be really old. I've seen things like cash register systems running off of Windows 95/98/XP.

If the attack originated from malware or ransomware that infected systems, potentially inadvertently, then network issues could be fixed in a matter of days or weeks, depending on how well prepared Colonial was to respond to an attack, said Grant Geyer, chief product officer of software firm Claroty, which specializes in industrial cybersecurity.

But if a nation-state directed the attack, it would require an extensive cybersecurity response to fix vulnerabilities that could serve as a “backdoor” for infections later.

“A lot of the systems that control industrial environments are managed by, in some cases, antiquated Windows systems that are rife with vulnerabilities,” Mr. Geyer said, adding the problem is particularly acute in the energy industry.
 
Lucky here, we can still get gas from the Port of Tampa; however, anyone on the East Coast, from Texas clear up to DC, had better gas up if this outage lasts very long.
 
It's not going to be impossible (via sea and rail), but by pipeline is clearly the cheapest way to deliver fuel and crude oil.
No, not possible. Check the volumes these pipelines carry per DAY. Also several airports for customers. Anybody with a tanker truck fleet is in for some long hours.
 

It really depends on the situation. Colonial says pipeline operations have been shut down, but it's not clear if that means they're not delivering from storage facilities that still have fuel or crude.

If it's down for too long they will need to play catch up. But what I was getting at would be that simply shutting down Colonial wouldn't kill all deliveries since there's sea or rail. Also - Kinder Morgan operates on the east coast.
 
The article says the company, not the hackers, shut it down as a precautionary measure, and it isn’t likely to affect gas supplies or prices. The hackers made a threat for ransom. I mean, does everything have to be hooked up to the internet?
 
Why does it even have to be connected to the internet? (I'm assuming that's how it was hacked)
Most likely they are just normal Windows machines on their own internal network, but somehow people use USB to transfer test logs and files around, check email on them, copy and paste screenshots of diagnostic software, and maybe let vendors dial in to check a problem without flying someone over.

Wife's former company got hit by ransomware and they paid through the nose to unlock a couple of machines; then the machines were no longer connected and they couldn't use the printer on them anymore, or some other nonsense. I think the company ran into financial problems afterward. They are not really "connected to the internet", but everything these days has a USB port, and sooner or later IT wants you to connect to somewhere so they can run Windows Update (or Linux update, or Mac update) on it.

They most likely won't cause a spill, as humans can always override stuff, but it would be like a city-wide traffic jam when all the traffic lights malfunction at the same time.
 
The systems that run it could be really old. I've seen things like cash register systems running off of Windows 95/98/XP.
The equipment in the field is most likely old but the SCADA system running it all along with other metering and leak warning systems would be running on relatively new systems.
 
Why does it even have to be connected to the internet? (I'm assuming that's how it was hacked)
It doesn’t have to be connected to the “internet” for this to happen. These hackers can make a program that lays dormant until it sees that someone connected their computer to an isolated company network and work its way in from there.
 
The systems that run it could be really old. I've seen things like cash register systems running off of Windows 95/98/XP.
An astounding number of industrial SCADA terminals are still running completely unpatched versions of Windows XP or ancient versions of *nix/BSD.

They're typically not internet connected so it's not a big deal but all it takes is something like someone replacing a switch and not realizing that the control network was on a VLAN that previously had no access to the internet, or someone with "bright ideas" about some new remote alarm notification system they want to create, etc...
 
It doesn’t have to be connected to the “internet” for this to happen. These hackers can make a program that lays dormant until it sees that someone connected their computer to an isolated company network and work its way in from there.

There's been weird stuff including malware that made its way to LCD photo displays. Heck - decades ago I remember when there were viruses being transmitted slowly through sharing of floppies.
 