Pipeline Safety, Security and Operations Office (PSSOO) announced today that the recent crude oil leak near Tyler, Texas was due to a sophisticated cyberattack on the pipeline control system. “The attackers manipulated valves and pumps to create a local overpressure situation,” Michael E Thane, spokesperson for the PSSOO; “This caused pressure relief systems to open and begin pouring crude oil out at the remote location near the Neches River.”
The pipeline, owned by the Friendly Morning Pipeline Company, apparently started leaking just after sundown and was not stopped until a fisherman reported seeing the crude pouring into the Neches River near his favorite fishing spot the next morning. The sour crude being pumped through the pipeline contained high levels of hydrogen sulfide, a toxic gas. A major fish kill has been reported along a 20-mile stretch of the river.
The National Critical Infrastructure Security Operations Center (CI-SOC) is working with PSSOO and the Federal Bureau of Inquiry and the Texas Environmental Commission to investigate this incident. Local law enforcement has been told that this may be an environmental terrorist attack, but none of the federal agencies involved in the investigation are willing to use the T word publicly.
George Friendly, President and Owner of the affected pipeline company talked with reporters this morning. He noted that the company was using a pipeline SCADA system that was specifically designed for secure monitoring and controlling of pipeline operations. “We worked closely with Albert Foxborough, the founder of Flintstone Tech in his development of their pipeline secure automation system.” Friendly explained.
A source, who must remain nameless because they are not allowed to talk to the press, with the CI-SOC explained that the Flintstone PSAS was a complete supervisory control and data acquisition system that was designed for secure communications between the various parts of the pipeline automation system. “This system was designed in early 2016 before people generally started talking about zero trust systems,” she explained; “And certainly before people started to talk about it in industrial control systems.”
Friendly agreed that the PSAS had a zero trust architecture, but explained that: “Albert started employing what is now called zero trust architecture back in 2015 when he started the design of his new operating system”. Security was built into the operating system as one of the core principles of its design. This meant that there was no need for add on security appliances or applications.
The CI-SOC technician said that Flintstone was recently disbanded when its parent company was sold. “The new owners apparently did not want to offend their customers who were manufacturers and vendors of more conventional control system and security systems.” Flintstone shutdown operations and customer support on very short notice. The last thing the company did was issue a mandatory software upgrade for their systems that effectively reduced the security communications controls of the system.
Friendly told reporters: “We had the most secure pipeline
control system the world has seen to prevent just this sort of incident. We had
to reduce the security to keep the control system functioning. Now this
happens. Where are all of the federal cybersecurity folks now?”
CAUTIONARY NOTE: This is a future
news story –
No comments:
Post a Comment