Baton Rouge, LA
Investigators from the Chemical Safety Bored continue their
investigation of multiple fires at the Rafael Ravard Refinery south of the city
even as more fires break out. So far there has been no serious damage to the
refinery, no deaths and limited injuries in the on-going incident. Refinery
officials press on with their attempts to manually shut-down the operations.
CSB investigators showed up Saturday as fires were
extinguished in Cracker #2 which was undergoing non-routine maintenance when
the fires started. Additional fires in other units started while those
investigators were on-site as unscheduled shut-downs started in other units.
A CSB spokesman confirmed earlier reports that the initial fire
appears to be related to unplanned shutdown of electronic control system
components in Cracker #2. Those shutdowns were apparently associated with the
routine maintenance of a valve controller in a bypassed line in that unit.
Unconfirmed reports continue to be heard that the initial
problem was caused by a software issue associated with that valve maintenance.
Investigators from an unnamed federal lab in Idaho did arrive on seen on
yesterday. These investigators are reportedly cybersecurity experts that work
with electronic control systems.
Reports are starting to circulate that a ransomware incident
involving a lap top involved in that valve maintenance may be the starting
point of the incident. At least on engineer from the facility has stated that
ransomware is spreading through the facility. That engineer has not been
available for talks with the press.
Ransomware is an attack on computer information systems that
encrypts files and requires the owner of the system to pay a ransom to have
those files decrypted. There have been an increasing number of ransomware
incidents being reported. Most recently the Women and Children’s Hospital here
in Baton Rouge was affected and was forced shutdown many operations while backup
files were used to bypass the problem.
There have been no reports from the refinery about the
number of on-site first aid cases related to the fires during this incident.
There have been 12 people taken to local hospitals, mainly with smoke
inhalation issues. One facility fire fighter is in serious condition in with
chemical burns. Names of the injured have not been publicly released.
Hmm. I've seen a lot of hate and discontent from poorly written protocol stacks that don't interoperate well.
ReplyDeleteSuch problems can masquerade as an attack when it's really just a bunch of poorly tested releases that don't work together well.
The notion that this was any kind of attack malware presumes that someone knows enough about the specific valve and the specific application and the specific person who might have access to that valve to effect a successful attack. That's a lot of specifics. Call me a skeptic, but I really doubt the malware thesis.