Pipelines and cyber security

In 1999, the Bellingham, Wash., gasoline pipeline ruptured killing three people. It was a control system cyber incident with many implications for future pipeline cyber impacts:

  • it was unintentional but could have been caused maliciously
  • the control system were on Ethernet LANs and could have experienced broadcast storms or other cyber impacts (no control system cyber forensics)
  • leak detection system response was not timely
  • previous SCADA problems made the some of the SCADA system response questionable
  • sensor data during the incident were questionable
  • little, if any, control system cyber security training

In 2011, the Exxon-Mobil gasoline pipeline ruptured in Montana.  It took 54 minutes to isolate the line (from Houston). Why so long? Was leak-detection system reliable and timely?

In 2010, the San Bruno, Calif., natural gas pipeline ruptured killing eight people. It was a control system cyber incident with many implications for future natural gas pipeline cyber impacts. In addition to those implications from Bellingham, the following is added:
  • weld failures weakened the line so the control system was no longer controlling the line it was designed to control
  • inappropriate maintenance on control systems can have significant system impacts (replacement of what was thought to be an uninterruptible power supply that was not uninterruptible, causing SCADA system cyber issues)
  • lack of knowledge of where manual shut-off valves were actually located has resulted in potential requirements for remote, automated, shut-off valves (cyber!). Without appropriate training and safeguards, there could be significant impacts

In 2011, the Millenium pipeline in New York reported weld failures. This has several implications:
  • unless appropriate actions are taken, this could be the next San Bruno
  • from a malicious perspective, you just told the bad guys where you are vulnerable.

These issues will be discussed at the September ACS Cyber Security Conference.  

Joe Weiss

What are your comments?

You cannot post comments until you have logged in. Login Here.

Comments

No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments