Pipelines and cyber security

In 1999, the Bellingham, Wash., gasoline pipeline ruptured killing three people. It was a control system cyber incident with many implications for future pipeline cyber impacts:

• it was unintentional but could have been caused maliciously
• the control system were on Ethernet LANs and could have experienced broadcast storms or other cyber impacts (no control system cyber forensics)
• leak detection system response was not timely
• previous SCADA problems made the some of the SCADA system response questionable
• sensor data during the incident were questionable
• little, if any, control system cyber security training

In 2011, the Exxon-Mobil gasoline pipeline ruptured in Montana.  It took 54 minutes to isolate the line (from Houston). Why so long? Was leak-detection system reliable and timely?In 2010, the San Bruno, Calif., natural gas pipeline ruptured killing eight people. It was a control system cyber incident with many implications for future natural gas pipeline cyber impacts. In addition to those implications from Bellingham, the following is added:

• weld failures weakened the line so the control system was no longer controlling the line it was designed to control
• inappropriate maintenance on control systems can have significant system impacts (replacement of what was thought to be an uninterruptible power supply that was not uninterruptible, causing SCADA system cyber issues)
• lack of knowledge of where manual shut-off valves were actually located has resulted in potential requirements for remote, automated, shut-off valves (cyber!). Without appropriate training and safeguards, there could be significant impacts

In 2011, the Millenium pipeline in New York reported weld failures. This has several implications:

• unless appropriate actions are taken, this could be the next San Bruno
• from a malicious perspective, you just told the bad guys where you are vulnerable.

These issues will be discussed at the September ACS Cyber Security Conference.  Joe Weiss