Why does the oil pipeline even connect to the internet? I don't get it... seriously, why can't it be a LAN based setup?

[lynx29]

Can someone please explain this to me? I am referring to the oil pipeline that was hacked recently and has caused part of the shortage issues.

So, ok I understand why a big pipeline needs a computer system, flow states probably, leak check sensors, etc etc - but why does it have to be connected to the internet? Why not just a LAN all self-enclosed for only those workers to access it? Also, this topic applies to a lot of government stuff hooked up to the internet... I just don't get it... why not have it as a LAN based system for those who work on it and need to the sensors, etc... and then have a secondary computer that sometimes takes a raid 1 drive backup and connects it to internet on a separate system... this would be failproof... seems pretty simple to me. I guess I just need someone to explain to me why an oil pipeline needs to be hooked up to the internet... the wires for the internet are already run on it, just convert it to a LAN based system or something for those that need to know only... remote monitoring will have to be done through Skype and a remote worker on site or something if there really is some type of worker that is rare and needs to be in know but is far away... this is only scenario I can think of.


Any ideas or thoughts on this? @R-T-B @TheLostSwede

 

[R-T-B]

It might NOT connect to the internet at all. Someone could've brought this malware in on thumb drive. It happens a lot on high value air gapped systems (earliest instance was the Iranian centrefuge worm, IIRC), as cryptolocker malware like this only needs to be installed. It does not need the internet to actually function.

 

[lynx29]

It might NOT connect to the internet at all. Someone could've brought this malware in on thumb drive. It happens a lot on high value air gapped systems (earliest instance was the Iranian centrefuge worm, IIRC), as cryptolocker malware like this only needs to be installed. It does not need the internet to actually function.

ah ok I had no idea... thread closed LOL

 

[MentalAcetylide]

Can someone please explain this to me? I am referring to the oil pipeline that was hacked recently and has caused part of the shortage issues.

So, ok I understand why a big pipeline needs a computer system, flow states probably, leak check sensors, etc etc - but why does it have to be connected to the internet? Why not just a LAN all self-enclosed for only those workers to access it? Also, this topic applies to a lot of government stuff hooked up to the internet... I just don't get it... why not have it as a LAN based system for those who work on it and need to the sensors, etc... and then have a secondary computer that sometimes takes a raid 1 drive backup and connects it to internet on a separate system... this would be failproof... seems pretty simple to me. I guess I just need someone to explain to me why an oil pipeline needs to be hooked up to the internet... the wires for the internet are already run on it, just convert it to a LAN based system or something for those that need to know only... remote monitoring will have to be done through Skype and a remote worker on site or something if there really is some type of worker that is rare and needs to be in know but is far away... this is only scenario I can think of.


Any ideas or thoughts on this? @R-T-B @TheLostSwede

Because we have a bunch of idiots running everything that would rather have profits & convenience instead of security?
As was already pointed out, it isn't necessary for it to be jacked into the internet. Some assclown doing something that he/she knows damn well that they shouldn't be doing could easily cause the same problem on a closed network.

Imo, this is how the next "Pearl Harbor" is going to do more than just sink a few US warships. Its going to sink the country unless they get their heads out of their asses and start taking more proactive steps to remedy the situation.

 

[Fangio1951]

Can someone please explain this to me? I am referring to the oil pipeline that was hacked recently and has caused part of the shortage issues.

So, ok I understand why a big pipeline needs a computer system, flow states probably, leak check sensors, etc etc - but why does it have to be connected to the internet? Why not just a LAN all self-enclosed for only those workers to access it? Also, this topic applies to a lot of government stuff hooked up to the internet... I just don't get it... why not have it as a LAN based system for those who work on it and need to the sensors, etc... and then have a secondary computer that sometimes takes a raid 1 drive backup and connects it to internet on a separate system... this would be failproof... seems pretty simple to me. I guess I just need someone to explain to me why an oil pipeline needs to be hooked up to the internet... the wires for the internet are already run on it, just convert it to a LAN based system or something for those that need to know only... remote monitoring will have to be done through Skype and a remote worker on site or something if there really is some type of worker that is rare and needs to be in know but is far away... this is only scenario I can think of.


Any ideas or thoughts on this? @R-T-B @TheLostSwede

Like what RBT said plus =

I'm a computer WAN Engineer with the 2nd largest IT Outsourcing company in the Oceania region.

These type of systems are on their own LAN systems, but support engineers use various methods to remotely access the systems for management and monitoring processes on a daily basis.

We perform white hat brute force attacks on our systems to check for any vulnerabilities in our gateways and firewalls.

If the systems aren't patched ad up to date, then these types of attacks can succeed.

 

[Shihabyooo]

Having one computer connected only to a LAN does not necessarily mean you can't get to it through the internet. If any node in this network is exposed to the outside world, there is a risk. Don't know if there exists a computer worm that doesn't scan the local network for other targets to hit once it lands on a new computer.

That said, ransomware folks also nuke any backups they detect, so an online backup system wouldn't be as failproof as you might think.

 

[lynx29]

I mean were oil pipelines really that inefficient before computers...? Has anyone actually ever compared it... maybe it doesn't need to be computerized at all (probably does, just saying I wonder if any of the higher ups of these companies even considered it)... like I mean we had oil and gas before computers, so it must not be impossible. lol

 

[MentalAcetylide]

Like what RBT said plus =

I'm a computer WAN Engineer with the 2nd largest IT Outsourcing company in the Oceania region.

These type of systems are on their own LAN systems, but support engineers use various methods to remotely access the systems for management and monitoring processes on a daily basis.

We perform white hat brute force attacks on our systems to check for any vulnerabilities in our gateways and firewalls.

If the systems aren't patched ad up to date, then these types of attacks can succeed.

These types of attacks can & will succeed, regardless of how patched and up to date the system is. All this does is prevent the more common stuff from getting through. Anyone that has the know-how & determination will eventually get through to a system that relies on a network & software.

 

[Andy Shiekh]

They did investigations on internet vulnerability in 2007

Staged Attack Causes Generator to Self-Destruct - Schneier on Security

Staged cyber attack reveals vulnerability in power grid - Bing video

 

[R-T-B]

These types of attacks can & will succeed, regardless of how patched and up to date the system is. All this does is prevent the more common stuff from getting through. Anyone that has the know-how & determination will eventually get through to a system that relies on a network & software.

You say that like it changes anything.

The point in security is to make the asset more expensive to attain than the asset is worth. If you have a properly patched offline system, it exited "one man job" territory long ago.

 

[newtekie1]

A lot of these systems are remotely monitored. That is why they are connected through the internet.

Having one computer connected only to a LAN does not necessarily mean you can't get to it through the internet. If any node in this network is exposed to the outside world, there is a risk. Don't know if there exists a computer worm that doesn't scan the local network for other targets to hit once it lands on a new computer.

Reminds me of the casino that was hacked through a fish tank thermometer.

That said, ransomware folks also nuke any backups they detect, so an online backup system wouldn't be as failproof as you might think.

Online backups are only vulnerable if the system has constant access to them. Something that opens the connection, uploads the files, then closes the connection isn't likely to be nuked by a ransomeware attack.

 

[Andy Shiekh]

I have a dedicated firewall at home, but I am not sure how much it helps.

 

[R-T-B]

I have a dedicated firewall at home, but I am not sure how much it helps.

A lot more than no firewall.

 

[newtekie1]

A lot more than no firewall.

I can't imagine many people have no firewall these days, considering every ISP(at least in the US) gives a firewall away with their service.

 

[R-T-B]

I can't imagine many people have no firewall these days, considering every ISP(at least in the US) gives a firewall away with their service.

true. Well, mostly. Many of those aren't given away, but rented. Beside the point.

 

[ratirt]

The oil pipelines you refer to are coming directly from production sites. The internet access is to reduce the labor needed for the production and exploration sites enabling personnel doing it remotely. Even though it's a production platform, it still requires people to operate it. When internet access kicked in with the bandwidth necessary, the number of people needed to be physically on-site has reduced. Which means the possibility of somebody getting injured or dead in case of an incident, has been reduced. You may not know that but it's always people who make a mistake that causes a disaster not a machine itself. Less people onboard less possibility that someone will be overlooked, forgotten during evacuation. Internet access gives a faster response to what's happening and allows you to act faster in some cases. Well more less. That's for people already there and you still need to get there as well. That can be an adventure of a life time in a harsh environment and a lot incidents happened due to people's transportation to/from rig-sites. Also there's an economical aspect to this as well. The internet connection is to improve safety of all the people working with production off-shore. Reducing the number of people on-site is important although there are still people there.
LAN connection only is an option and it is being used still but that depends on the job. Internet connection on site is not something you have at home and firewall is not a MS defender. You don't get a fiber optic running to the rig from shore for internet access though. There are specific providers which can provide an internet connection and that one is not via cable although it's been changing. Well that all depends.
Energy business is the most important aspect in today's world. Every country is trying to be energy independent and have a secure delivery of energy. Most of disputes are due to that aspect. Oil is an still will be an important source of energy. If you think these companies use common firewalls to prevent hacks to their systems or data frauds you are looking at this from a wrong perspective. Also, people who are willing to hack into these networks or acquire sensitive data, are not users who are trying to get twitch girls naked photos for free.
You can all read about piper Alpha and what happened back then in 1986. Since that day, oil industry has been through a lot of changes and human safety has been a priority number one and it continues till this day. To bad, this care about human safety is not a priority number one in every aspect of our lives.
That's more less why but there's way, way more to this.

 

[Caring1]

Oil, Gas, Electricity, as long as they are connected, they will be targets.

 

[Andy Shiekh]

I worry about someone spoofing an OS update and bringing down a large number of computers.

 

[dragontamer5788]

Oil, Gas, Electricity, as long as they are connected, they will be targets.

In its own statement, the DarkSide group hinted that an affiliate may have been behind the attack and that it never intended to cause such upheaval. Like some other ransomware groups, DarkSide offers to sell its malware to others in what is known as “ransomware-as-a-service,” according to the cybersecurity firm Cybereason.

In a message posted on the dark web, where DarkSide maintains a site, the group suggested one of its customers was behind the attack and promised to do a better job vetting them going forward.

“We are apolitical. We do not participate in geopolitics,” the message says. “Our goal is to make money and not creating problems for society. From today, we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

To be fair, the criminal group behind the ransomware attack did NOT want to cause such a big ruckus. They promise to do a better job at vetting their clients (and their targets) in the future. This oil pipeline wasn't "targeted" per se. It just so happened to be somewhere, and the group just so happened to shut it down.

If you find a ransomware target, you don't necessarily know what that thing is doing. They probably just saw "Oh, these files look important. I bet we can get lots of money from this", and bam. Woops, you shut down the southeast's source of gasoline. No criminal gang wants the FBI to actually come after them. By accidentally going after such a huge thing, they've accidentally put themselves in the crosshairs of the FBI. That's bad for criminal business.

 

[64K]

Cheap gas is critical to our economy and it doesn't look like there's a quick fix. President Biden addressed the effects of the pipeline shutdown. He had this too say:

“Remediation and recovery is not necessarily a quick and easy process, and while essential functionality can be restored more quickly, it can take organizations weeks or even months to fully return to normal operations."

 

[dragontamer5788]

Cheap gas is critical to our economy and it doesn't look like there's a quick fix.

The good news is that demand is overall down, because we're still "recovering from COVID19" state. Its not like everyone is going out to summer vacation yet. If this gas event happened in June or July (when the country is expected to be largely vaccinated), it'd be much harder to deal with.

Most people I know are still work-from-home (for example), so gas demand is almost non-existent for these workers. This "work-from-home" status is probably going to go away as vaccinations increase, which really will increase our consumption of gasoline. But really, we don't actually need much gasoline right now.

 

[64K]

The good news is that demand is overall down, because we're still "recovering from COVID19" state. Its not like everyone is going out to summer vacation yet. If this gas event happened in June or July (when the country is expected to be largely vaccinated), it'd be much harder to deal with.

Most people I know are still work-from-home (for example), so gas demand is almost non-existent for these workers. This "work-from-home" status is probably going to go away as vaccinations increase, which really will increase our consumption of gasoline. But really, we don't actually need much gasoline right now.

Good point but people "panic buy". Do you remember the toilet paper shortage when Covid-19 broke out. Hell, probably a lot of people have a 10 year supply of toilet paper now but I don't think it goes bad.

The gas price hikes will alleviate the shortages some.

 

[MentalAcetylide]

To be fair, the criminal group behind the ransomware attack did NOT want to cause such a big ruckus. They promise to do a better job at vetting their clients (and their targets) in the future. This oil pipeline wasn't "targeted" per se. It just so happened to be somewhere, and the group just so happened to shut it down.

Fair?
Are we to just look the other way and assume, despite the nature of the "business" the group is involved with, that they're a bunch of "gray-hat" hackers too ignorant to have enough foresight to realize that their "clients" could use them & their "tools" for pulling stunts like this? Please.... if a group of individuals is doing stuff like this, whether directly or indirectly, and it causes something like this, they deserve to be hunted down by the FBI. Not so much as a punishment, but because of the potential threats from their recklessness. They can go on all they want about being apolitical or whatever on the dark web AFTER the fact, but regardless of whether they admit it or not, this kind of behavior is part of the problem. Besides, they've admitted as much that they're just in it to make money by offering these services, so if they had any sense of responsibility, they would march their collective asses to the nearest law enforcement agency and have them put to work fixing the affected systems. Knowing the FBI, they would probably hire them, lol.

 

[Steevo]

A lot of the systems are NOT connected to the internet, but have/use low frequency serial data links, but along the whole system is run by centralized computers that are connected to the internet somewhere, or some angry employee may have done it, or some former employee who worked long enough to learn to sabotage.

Here in MT a lot of places are moving to cell or satellite service internet that manage remote compressor or boost stations for different pipelines.

 

[ratirt]

Oil, Gas, Electricity, as long as they are connected, they will be targets.

As long? These will be connected for long. It's energy brother. There is nothing hotter than energy

I worry about someone spoofing an OS update and bringing down a large number of computers.

Not gonna happen no spoof believe me It's like a man land on a moon Yeah I know. This catches up too