
Sat May 8, 2021, 08:10 AM

Cyberattack Forces a Shutdown of a Top U.S. Pipeline Operator

Source: New York Times

A cyberattack forced the shutdown of one of the largest pipelines in the United States, in what appeared to be a significant attempt to disrupt vulnerable energy infrastructure. The pipeline carries refined gasoline and jet fuel up the East Coast from Texas to New York. The operator of the system, Colonial Pipeline, said in a statement late Friday that it had shut down its 5,500 miles of pipeline, which it says carries 45 percent of the East Coast’s fuel supplies, in an effort to contain the attack on its computer networks.

Earlier Friday, there were disruptions along the pipeline, but it was unclear whether that was a direct result of the attack. Colonial’s pipeline transports 2.5 million barrels each day, taking refined gasoline, diesel fuel and jet fuel from the Gulf Coast up to New York Harbor and New York’s major airports. Most of that goes into major storage tanks, and with energy use depressed by the pandemic, the attack was unlikely to cause any immediate disruptions. In the statement, the company said that it learned on Friday that it “was the victim of a cybersecurity attack,” but it provided no details.

Such an attack could involve malware that shut down its operations or ransomware demanding payment to unlock computer files or systems. “In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our I.T. operations,” the company said, referring to information technology systems. It said it had contacted law enforcement and other federal agencies. The F.B.I. leads such investigations, but critical infrastructure is the responsibility of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

The breach comes just months after two major attacks on American computer networks — the SolarWinds intrusion by Russia’s main intelligence service, and another against a Microsoft email service that has been attributed to Chinese hackers — that have illustrated the vulnerability of the networks on which the government and corporations rely. While both of those attacks appeared aimed, at least initially, on the theft of emails and other data, the nature of the intrusions created “back doors” that experts say could ultimately enable attacks on physical infrastructure. So far, neither effort is thought to have led to anything other than data theft.

Read more: https://www.nytimes.com/2021/05/08/us/cyberattack-colonial-pipeline.html



30 replies, 2414 views

Replies (author, date, post number)
Cyberattack Forces a Shutdown of a Top U.S. Pipeline Operator (Original post)
BumRushDaShow May 8 OP
ancianita May 8 #1
Maxheader May 8 #2
ancianita May 8 #3
Maxheader May 8 #19
oldsoftie May 8 #4
ancianita May 8 #5
oldsoftie May 8 #11
GregariousGroundhog May 8 #12
ancianita May 8 #15
cayugafalls May 8 #18
cayugafalls May 8 #16
ancianita May 8 #20
cayugafalls May 8 #24
ancianita May 8 #25
llashram May 8 #6
ancianita May 8 #21
Steelrolled May 8 #22
dalton99a May 8 #7
JohnSJ May 8 #8
iluvtennis May 8 #10
GregariousGroundhog May 8 #14
iluvtennis May 8 #26
Marthe48 May 8 #9
Yo_Mama_Been_Loggin May 8 #13
SWBTATTReg May 8 #17
Steelrolled May 8 #23
SWBTATTReg May 9 #30
iluvtennis May 8 #27
orangecrush May 8 #28
OldBaldy1701E May 9 #29

Response to BumRushDaShow (Original post)

Sat May 8, 2021, 08:32 AM

1. A stupid computer system, if you ask me.

The 5,500 miles of pipeline computer system should be a separate system from its other computer networks. Distribution of vulnerability is important.

So they stupidly deprive East Coast humans of fuel because they gotta save data? And they're gonna just keep the system better 'walled' now?

Maybe I'm the stupid one, but it makes no sense that energy or utility companies should connect direct product distribution mechanisms to their data networks.



Response to ancianita (Reply #1)

Sat May 8, 2021, 08:42 AM

2. So it's not just a matter of punk kid hackers..


looking to cause problems, but a stupid systems setup?..



Response to Maxheader (Reply #2)

Sat May 8, 2021, 09:30 AM

3. Well it could be that, too. Maybe even anti-fossil ecohackers.

But stupid systems don't help no matter who the hackers are, right?



Response to ancianita (Reply #3)

Sat May 8, 2021, 01:23 PM

19. Got it...thanks..





Response to ancianita (Reply #1)

Sat May 8, 2021, 09:34 AM

4. I've never understood that myself

I'm certainly NOT a computer expert, but I don't see the reason for a lot of these types of systems being open to the outside. That story about the FL water system that was tampered with is another one; WHY do you need to access the water system away from the plant? Workers onsite should be the only ones able to access the computers.



Response to oldsoftie (Reply #4)

Sat May 8, 2021, 09:41 AM

5. Maybe

because computer systems' on-off mechanisms replace on-site workers? On-site worker operations can be vulnerable, too. But on-off switches should be a whole separate system on a dedicated server not attached to data servers, imo.



Response to ancianita (Reply #5)

Sat May 8, 2021, 11:50 AM

11. I agree. This shit is only gonna get worse



Response to ancianita (Reply #1)

Sat May 8, 2021, 12:17 PM

12. It's more nuanced than you think

I cannot speak to gas or oil distribution, but electrical generation and distribution systems are governed by the National Electric Reliability Council Critical Infrastructure Protection regulations, more commonly known as NERC CIP.

Critical infrastructure is usually (if not always) run on a separate network that has no Internet connectivity and only limited connectivity to the main corporate network. The servers used as a bridge between the two networks are usually well fortified with the use of firewall, antivirus, and other intrusion detection mechanisms.



Response to GregariousGroundhog (Reply #12)

Sat May 8, 2021, 01:02 PM

15. Cool. So are you saying this was not due to their own system vulnerability?

So does this mean there was a big actor responsible for the intrusion?

Thank you for the information. I plan to read up more on what you posted.



Response to GregariousGroundhog (Reply #12)

Sat May 8, 2021, 01:22 PM

18. I agree with the 'usually' part about running on separate networks.

However, the link does exist, always. There is always a path from corporate networks to infrastructure networks. Gone are the days of sneaker net updates.

Updates to software, firewalls, switches, controllers all happen via network connections. Usually, these are secure VPNs into remote servers by qualified personnel.

The security exploit most commonly used is to gain access to qualified personnel and then you can simply leech their VPN connection and gain access to critical data or systems.

It is a widely known vulnerability in the industry, little talked about, but it does exist.

The best firewall and IDS is only as good as the employee who gets hacked.



Response to ancianita (Reply #1)

Sat May 8, 2021, 01:11 PM

16. That is not how it works. I worked on control systems and complex systems,

like pipeline distribution networks have a very complex set of computer controls, checks and valves that need monitoring and controlling, and all of it is done via software running on programmable controllers. There is no way to manage the number of valves and controls manually; it has to be done with computers and they have to be networked.

These controllers are critical in making sure that valves open when they are supposed to and therefore any hack related to infiltrating the systems in place would necessitate bringing down the entire system until security could be guaranteed so that a valve that controls say an emergency pressure release valve does not open when an undesired presence of fuel could mean an environmental disaster.

We do not know how the hackers gamed the system. Most likely they exploited a vulnerability in the firewall and an email got through that should not have.

That is why training your employees to not click on links in emails is critical, and there need to be quarterly security audits in all critical infrastructure facilities. Until that happens, systems are vulnerable.



Response to cayugafalls (Reply #16)

Sat May 8, 2021, 02:15 PM

20. I'm sure I don't know how any of it works.

I'm no IT person, just a mom of one IT son, and his older brother, who used to work for FireEye and now works for Palo Alto Security. I know nothing of what they know.

Thanks for the explanation of why the system had to go down. I guess linked articles can't get into the whys as much as I'd like.

Emails and clicking. You'd think by the time people work near computers for such systems, they've got that awareness internalized.

Thank you for your post, cayugafalls. I always learn a lot around here, and it's much appreciated.



Response to ancianita (Reply #20)

Sat May 8, 2021, 04:41 PM

24. You're welcome. My apologies if I came off abrupt. ;-)

I remember working at one company and one day the President of the company clicked on a link in an email. Within 5 minutes the network firewall was sending me alerts that a worm was eating its way through the system. I literally walked over to the server rack and disconnected the power cord to the main switch before I lost everything.

It still took me 24 hours before I could safely bring the network back up as all computers had to be cleaned or verified uninfected.

If I had not been on site that day it would have been a disaster.



Response to cayugafalls (Reply #24)

Sat May 8, 2021, 04:46 PM

25. Good lord. You should have gone after his job.



Response to BumRushDaShow (Original post)

Sat May 8, 2021, 09:42 AM

6. mmmm

I just wonder how badly trump, miller, bannon et al. helped co-opt the cybersecurity of this country, especially with the russians...



Response to llashram (Reply #6)

Sat May 8, 2021, 02:24 PM

21. And China. We're in a pincer attack situation from both, and might not be able to determine

from which it's happening each time it happens. Or at least the public isn't told, anyway.

Which might be the point of such attacks -- to lower public confidence in infrastructure.



Response to llashram (Reply #6)

Sat May 8, 2021, 03:20 PM

22. For stuff like this, I would say they had little effect.



Response to BumRushDaShow (Original post)

Sat May 8, 2021, 10:44 AM

7. Critical infrastructure control systems shouldn't be connected to the Internet

and vulnerable to hackers




Response to dalton99a (Reply #7)

Sat May 8, 2021, 10:57 AM

8. No kidding



Response to dalton99a (Reply #7)

Sat May 8, 2021, 11:42 AM

10. Yes, indeed. When I worked as a defense contractor on what we called mission critical command

and control software for weapon systems - those systems were on separate (..independent of the world wide web..) networking systems. The system had security via crypto boxes, two-person control systems, continuous testing, on demand testing, etc, etc.

Energy systems need some controls like those used for military weapon systems, as energy systems are critical and, if lost, can be detrimental to life.



Response to iluvtennis (Reply #10)

Sat May 8, 2021, 12:26 PM

14. There are standards in place for electric utilities

Electrical generation and distribution systems are governed by the National Electrical Reliability Council's Critical Infrastructure Protection regulations (NERC CIP). I'm uncertain if gas or oil systems are governed by a similar organization.

Infrastructure governed by NERC CIP uses controls similar to what you mentioned - it is on a network with no Internet connectivity and only limited connectivity to the corporate network; servers used to bridge connectivity between the two networks have antivirus, firewall, and intrusion detection controls in place, etc.



Response to GregariousGroundhog (Reply #14)

Sat May 8, 2021, 10:16 PM

26. Thanks for that info on the standards - it's good to know it isn't ad hoc. n/t



Response to BumRushDaShow (Original post)

Sat May 8, 2021, 11:37 AM

9. The U.S. keeps getting warned

about lax security, physical and cyber, and we keep ignoring the warnings.

I change my passwords on my own. I get 1 mandatory notice to change my password on a regular basis. One company reminded me once in 10 years. That's awful!



Response to BumRushDaShow (Original post)

Sat May 8, 2021, 12:21 PM

13. Trump's buddy Pooty has been busy again



Response to BumRushDaShow (Original post)

Sat May 8, 2021, 01:18 PM

17. And systems that are open to such attacks should have been designed w/ safeguards built in,

after all, if the flow of oil/other raw materials is impacted, their bottom line is impacted too.

Idiots. I hope heads roll at these irresponsible companies. Disaster Recovery should be an ongoing concern for ALL companies.



Response to SWBTATTReg (Reply #17)

Sat May 8, 2021, 03:23 PM

23. I imagine these systems did have safeguards built in.

They just weren't good enough. Same story everywhere. But there is some truth to the saying "what doesn't kill us makes us stronger".



Response to Steelrolled (Reply #23)

Sun May 9, 2021, 12:30 PM

30. If you were a software designer (I was and you may be/have been), there ain't no software written...

yet that won't have any issue(s), get 'hacked' into, etc.

You may see such comprehensive software written one day that is 'foolproof', e.g., software governing gadgets perhaps on the Intl Space Station or some other similar critical function. Most commercial applications are pretty well written w/ tight budgets, even tighter testing schedules in the rush to get the software out the door...

Have a nice Sunday!



Response to SWBTATTReg (Reply #17)

Sat May 8, 2021, 10:17 PM

27. + agree. n/t



Response to BumRushDaShow (Original post)

Sat May 8, 2021, 10:57 PM

28. Good show on NPR about this stuff recently


The opinion of the experts seemed to be that a strong retaliation against the suspected state actors is the only way to deal with this.



Response to BumRushDaShow (Original post)

Sun May 9, 2021, 07:55 AM

29. I only have one thing to say about this

There is no way to stop someone from hacking into a computer system if it is connected to the internet. I don't care how good you think you are, there is always someone else who is better and more able. If you want the thing protected, you have to disconnect it. And, if you don't want this crap to keep happening, stop connecting everything together. (You know, the Battlestar Galactica remake was a good show but it also addressed a few things about our society, and one of them was the vulnerability of our rush to be so interconnected.) There is no need for a 'power grid', we have the means to generate power per structure/location. Create computers that SHUT DOWN when you tell them to shut down. (I would also love to make it illegal for computer companies to add crap to updates that have nothing to do with the updates, including their habit of changing your settings with no warning.) But mostly, stop being so arrogant and idiotic as to keep on ignoring the signs that we are being too complacent with this matter. (Hey, either someone is lying about others' abilities, or we suck at this, seeing as how it keeps happening. Maybe a little less chest thumping and a little more progressive thought is what is needed. (Yeah, like that is going to happen...)

(Okay, more than one thing.)
