Today the DHS ECS-CERT announced that the recent shutdown of
the Rafael Ravard Refinery in Louisiana was a direct result of a cyber-attack
on the facility using the recently discovered HighTempOverride malware. The
refinery is still in shutdown mode two weeks after the attack.
ECS-CERT spokesman Immanuel C. Securitage said that the attack
last month at Ravard Refinery was very similar to attacks on an unnamed
chlorine production facility two months ago. That earlier attack caused a
number of process shutdowns over the period of a couple of days and then shut
the plant down when the control system software used at the plant was wiped
from the system control computers.
Securitage explained that the process shutdowns were caused
by spoofing temperature readouts in the reaction monitoring system, causing the
control system to think that the process was entering a potentially dangerous
out-of-control condition. This is the source of the ECS-CERT name for the
malware, HighTempOverride.
Federal Bureau of Inquiry spokesman Johnathan Quest said
that the earlier attack was claimed by Students for Immediate Neutralization of
Chlorine Technology and Energy Reversion (SFINCTER). No one has yet claimed responsibility
for the Ravard Refinery attack.
Cesar Chavez, President of the Ravard Refinery, noted that
his facility had taken precautions against this type of attack by ensuring that
all control system files were routinely backed up. This would normally allow
for a quick restart after this type of attack. According to the Agency for
Chemical and Environmental Security (ACES), the attackers had apparently
modified the malware to include a module that infected backup files.
Chavez told reporters that he did not know when the refinery
would be able to resume production. Due to retirements over the last couple of
years, there were very few employees who were familiar with routine manual
operations at the facility. ECS-CERT and the refinery engineering staff were
working with Robotron, the control system supplier, to try to remove the
malware from the control system.
Chavez noted that every day the refinery was shut down cost
the company $1.5 million.