Pipelines and cyber security

In 1999, the Bellingham, Wash., gasoline pipeline ruptured killing three people. It was a control system cyber incident with many implications for future pipeline cyber impacts:

  • it was unintentional but could have been caused maliciously
  • the control system were on Ethernet LANs and could have experienced broadcast storms or other cyber impacts (no control system cyber forensics)
  • leak detection system response was not timely
  • previous SCADA problems made the some of the SCADA system response questionable
  • sensor data during the incident were questionable
  • little, if any, control system cyber security training

In 2011, the Exxon-Mobil gasoline pipeline ruptured in Montana.  It took 54 minutes to isolate the line (from Houston). Why so long? Was leak-detection system reliable and timely?

In 2010, the San Bruno, Calif., natural gas pipeline ruptured killing eight people. It was a control system cyber incident with many implications for future natural gas pipeline cyber impacts. In addition to those implications from Bellingham, the following is added:
  • weld failures weakened the line so the control system was no longer controlling the line it was designed to control
  • inappropriate maintenance on control systems can have significant system impacts (replacement of what was thought to be an uninterruptible power supply that was not uninterruptible, causing SCADA system cyber issues)
  • lack of knowledge of where manual shut-off valves were actually located has resulted in potential requirements for remote, automated, shut-off valves (cyber!). Without appropriate training and safeguards, there could be significant impacts

In 2011, the Millenium pipeline in New York reported weld failures. This has several implications:
  • unless appropriate actions are taken, this could be the next San Bruno
  • from a malicious perspective, you just told the bad guys where you are vulnerable.

These issues will be discussed at the September ACS Cyber Security Conference.  

Joe Weiss