Yesterday’s Baton Rouge refinery shutdown was ultimately due to an attack on a building control system, according to reports this morning by Dragonfire Cyber. The Ravard Refinery was shutdown Sunday by three crashing servers supporting the facility control systems. Kate Libby from Dragonfire reports that those servers failed due to overheating when attackers took over control of the server room cooling system.
“Attackers changed the PLC programming for the HVAC system,” Libby told reporters this morning; “They changed room temperature set points and bypassed the temperature reporting process so that only expected temperatures were reported to the facility control room.”
Reportedly, no vulnerabilities in the PLC were involved in the attack. Access to the Robotron GS Building Control System (BCS) provided the necessary authorization to access to the PLC and change its programming. “This should require physical access to the GS BCS controls in the server room,” Libby explained; “But someone had set up port forwarding on the system firewall enabling remote access to Port 3671 on the BCS. No authentication is required when accessing the system through that port.”
A technician working with Dragonfire that is not authorized to talk to reporters told me that it looked like an integrator had set up the port forwarding to provide remote access for maintenance support for the building control system. Maintenance of the HVAC system and its associated controls is handled by a local vendor, not the refinery staff.
The Federal Bureau of Inquiry is investigating the attack on the refinery. “There is no indication that this was a terrorist attack,” FBI spokesman Johnathan Quest told reporters; “We are currently looking at the possibility that this was an economic attack.”
The refinery recently switched over their production mix to produce #2 fuel oil. This household heating fuel is shipped to the northeastern United States via pipeline. Heating oil stocks in New England are at historic lows for this time of year and the Ravard Refinery is a prime supplier into that market. It will take at least two weeks for the refinery to restart because of minor equipment damage sustained in the emergency shutdown. This will lead to shortages in heating oil supply as people are trying to fill their tanks for the coming winter season.
No comments:
Post a Comment