Immanuel C. Securitage, spokesperson for ECS-CERT, today told
reporters that last week's attack on a Baton Rouge chemical manufacturing
facility was apparently more successful than originally planned by the cyber
attackers responsible. Information uncovered today indicates that the attackers'
original plan was apparently to disable acrylamide production, not
destroy the acrylic acid tank that exploded and caused the facility fire.
As investigators from the Agency for Chemical and
Environmental Security (ACES) went through the facility today, looking at
the consequences of the attack while waiting for clearance to enter the acrylic
acid storage building, they found problems with all of the acrylamide transfer lines
in the facility. Like the line that exploded, injuring three firefighters, all
of whom have been released from the hospital, every acrylamide transfer line in
the facility was full of acrylamide.
Daniel Varg, the ACES spokesman, explained that acrylamide
transfer lines used to move the monomer around the facility are normally blown
empty when they are done being used. This is to prevent the monomer from
polymerizing in the line. This is especially critical when temperatures drop
below 50˚F. At that
temperature the acrylamide freezes out of solution (this facility manufactures
50% acrylamide in water). That process separates the acrylamide from the chemical
that is added to the solution to inhibit the polymerization reaction.
We did see temperatures drop below that level after the
facility shut down manufacturing before their Christmas break. When
temperatures warm back up the acrylamide goes partially back into solution, but
does not mix with the inhibitor. Transfer lines that are in the sun can reach
temperatures where the monomer can then start the polymerization process, blocking
the lines with a polymer plug that has to be cut out of the line.
It appears that there are multiple blockages in most of the
transfer lines in the facility. This essentially shuts down acrylamide production
until all of the lines can be inspected and all of the blockages cleared. Blew
Bayou Chemical estimates that it will be at least two weeks until production can
resume, and most of the transfer lines from storage tanks to truck and rail
loading lines were also blocked.
A spokesman for Dragonfire, a company that is supplying
control system forensic experts to assist ECS-CERT in their investigation, told
reporters that the code for filling the transfer lines was written before the code
for the attack on the acrylic acid tank. That acrylic acid attack depended upon
the existence of a bad check valve in an air line going into a reaction vessel.
That problem was not identified by Blew Bayou until just before their shutdown
before Christmas. Dade Murphy explained that it appears that the attackers saw
the work order on the maintenance server and realized that it provided them
with another mode of attack on the facility.
Murphy also explained that at least one of the people
writing exploit code for the attack appears to have been a native Chinese
speaker. He would not go into details about how Dragonfire made that
connection. After hearing that announcement, IB Kaghun, spokesman for Blew
Bayou, was heard saying something about Tianjin Chemical when the company
attorney, Charlene Matlock, pulled him away from the dais.
China Water Treatment, a US subsidiary of Tianjin Chemical,
announced today that it also had acrylamide available for shipment from its
terminal in New Orleans.
CAUTIONARY NOTE: This is a future news story –