Professional Documents
Culture Documents
Byres
Pipeline Control System
By Eric J. Byres, P.Eng., Lantzville, BC, Canada
I
n the winter of 2002-2003, and MS-Word®, many control sys-
Venezuela found itself in the tems have unusual operating systems
grip of the largest and lon- and applications such as VxWorks or
gest strike in Latin American RSLogix™. This means that many of
history. Lasting from Dec. 2 the proven IT security solutions will
until Feb. 2, the strike paralyzed the not function correctly or, if they do
oil industry through work stoppages run, may interfere with the SCADA
and acts of sabotage. According to operations.
a published report at the time, Ali A good example of this was
Rodriguez, the head of Petróleos de reported at an ISA Industrial Security
Venezuela, S.A. (PDVSA), stated: Conference in Philadelphia a few
“[...] we have suffered many acts years ago. When an emergency shut-
of sabotage at the terminals, the down system on a boiler failed to
refineries, and even to some well- operate correctly, investigators dis-
heads in Lake Maracaibo. There covered that anti-virus software had
were even instances of computer been installed on the computer used
hacking which did a lot of damage to configure the safety system. This
since much of the operation is cen- Attack routes taken. In 75 incidents from 2002 to 2006, attackers and software blocked the proper opera-
trally controlled by computer.” viruses infiltrated SCADA systems via secondary pathways nearly tion of the safety system, putting the
Details of the cyber attacks on 50% of the time. (Source: Industrial Security Incident Database, June 2006) entire plant at risk. There was nothing
PDVSA’s systems were slow to wrong with the safety system or the
emerge, but it seemed that hackers were able settings to produce pressures far beyond those anti-virus software on their own, but together
to penetrate the SCADA system responsible acceptable to pipeline joints and welds.” they made a life-threatening combination.
for tanker loading at a marine terminal in By creating an explosion with the power of The result is that many IT departments
eastern Venezuela. Once inside, the hackers a three-kiloton nuclear weapon, the U.S. man- quietly wash their hands of a security respon-
erased the programs in the programmable aged to disrupt supplies of gas and consequen- sibility once a piece of network or computer
logic controllers (PLCs) operating the facil- tial foreign currency earnings of the Soviet hardware is attached to the SCADA network.
ity, preventing tanker loading for eight hours. Union for over a year. And if the SCADA operations/engineering
Fortunately for PDVSA, the tactics of attack- These instances of computer hacking were team doesn’t take up cyber security as its
ers were unsophisticated, making detection of the first public examples of the susceptibility responsibility, this leaves a nice gap that the
the problem relatively easy, and backups of of oil and gas operations to deliberate external hacker or virus can silently slip though.
the PLC programs were unaffected, making cyber attacks on control systems. For many
recovery straightforward. companies it forced a complete re-evaluation Wrong Assumptions
Two years later a book by Thomas Reed, of what cyber security meant when it came to Many managers also assume that all cyber-
senior U.S. national security official, made oil and gas SCADA-control systems. security problems arise from outside the com-
it clear that not all pipeline operators are so pany premises, generally from hackers. Next,
lucky. In his book, “At The Abyss,” Reed Misunderstanding The Risk they assume those problems that attempt to
reported how the U.S. allowed the USSR Internal surveys at several major oil compa- enter the company SCADA system come
to steal pipeline control software from a nies indicated that managers often misunder- through obvious pathways that can be man-
Canadian company. Unknown to the Russians, stand the situation they face when it comes to aged by a single Bastion Firewall between the
this software included malicious code (known SCADA security. First, many believe that the business network and the SCADA network.
as a Trojan horse) that caused a major explo- Information Technology (IT) group automati- Unfortunately, when problems originate from
sion of the Trans-Siberian gas pipeline in June cally looks after SCADA security as well. This within the company, as they often do, the
1982. The Trojan ran during a pressure test on is rarely the case. Bastion firewall does little to help, leaving the
the pipeline and massively increased the usual While IT departments are very good at pro- SCADA system an easy target for disruption.
pressure, causing the explosion. Reed writes: viding security for systems they understand, To understand where the Bastion model
“In order to disrupt the Soviet gas supply, its such as Windows® servers and accounting fails, it is helpful to look at an Internet worm
hard currency earnings from the West, and the databases, the critical control systems that run called the Slammer Worm and study how it has
internal Russian economy, the pipeline soft- the pipelines and refineries day in and day out affected control systems since its creation in
ware that was to run the pumps, turbines, and are forbidding beasts to the IT professional. 2003. According to records in the Repository
valves was programmed to go haywire, after a For example, instead of the typical IT operat- for Industrial Security Incidents (RISI), this
decent interval, to reset pump speeds and valve ing systems and applications like Windows® one worm has been responsible for more