As Predicted – Oil Pipeline Under Siege from Cyberattack
19-05-2021 | By Robin Mitchell
Recently, a fuel pipeline in the US came under a ransomware attack resulting in the suspension of the oil pipeline. How have industrial systems changed over time, what happened to the pipeline, and why should infrastructure consider “de-digitalising”?
How the Industrial Landscape has Changed
The digitalisation of the world has seen tremendous achievements by man, creating a global network that allows the transfer of information, smart devices that can predict behavioural patterns, and autonomous systems that can control every aspect of a home. But it is not just the commercial and business worlds that have been touched by technology; even the industrial world has undergone dramatic changes in a very short time frame.
Industrial systems have commonly remained archaic when compared to the latest technology, as they are not required to undergo rapid changes once operational and require large sums of startup capital. Simply put, if an industrial process is designed and operates efficiently, it can be expected to be in service for decades. Therefore, it only makes sense to update or replace industrial machinery when it either fails or no longer operates at a profit.
However, the introduction of internet-based technologies such as remote sensors and controllers is opening the industrial world to a new era of rapid innovation. Instead of waiting for machinery to fail or become too old, operators can rejuvenate it with ease using add-on hardware installed in minutes. Discrete relays in ladder logic cabinets are now being replaced with state-of-the-art PLCs with all kinds of communication protocols, sensor systems, monitors, and HMIs. As a result, today's factories are unrecognisable from the factories of yesterday and arguably are now mostly silicon.
Colonial Pipeline hit by Ransomware
Recently, the largest pipeline operator in the US, Colonial Pipeline, suffered a ransomware attack that hit its IT infrastructure. The ransomware affected the company's administration and IT systems, and it has also knocked out the company's pipeline system, meaning that oil transportation has now shut down. The pipeline stretches from Texas to New Jersey and is a major oil supply line for the east coast. Multiple points along the pipeline are used to provide fuel to the states that it passes through, and the fuels provided include those for standard vehicles (petrol and diesel) and jet fuel. It is expected that the downed pipeline will cause fuel prices in the surrounding states to rise until the company returns the pipeline to operation.
This ransomware attack was only possible due to the sheer amount of digitisation that goes into modern industrial and infrastructure systems. While such systems enable improved efficiencies and safer operation, the downside is that using digital systems leaves them open to cyberattack. To make matters worse, many industrial systems utilise publicly available standards such as Wi-Fi, Ethernet, and IP, meaning that they are easily accessible from any location in the world that has internet access.
It is believed that, in this instance, the attackers used an email attack whereby malicious code is either embedded into an email or a link to a malicious site is used. Once accessed, the attackers can form a connection and inject backdoors or other forms of malware. Furthermore, it is also believed that the attackers are located in Russia, but it is unclear whether the attack was the work of ordinary criminals or government operatives. Attackers can also take advantage of third-party software that has not been updated or contains bugs (I have personally performed such an attack during my school years. For example, the software program Macromedia Fireworks 2004 requires elevated privileges. Using the explorer in the program, other executable files can be run despite not having permission to run executable files).
Why Infrastructure Should Become Ancient
This is not the first time a major piece of infrastructure has been attacked by cybercriminals. For example, in February, a water treatment plant in the US was attacked by a criminal who wanted to increase the quantities of fluoride to toxic levels. While a plant operator was able to spot the change in levels and respond immediately, the fact that an outside attack on the plant was possible raises serious questions regarding connected technologies and infrastructure.
There is nothing wrong with using cutting-edge technologies in infrastructure; it can be hugely beneficial if anything. However, the problem with modern technology is the use of connective technologies that allow devices to form remote connections and pass information. While this is essential for devices such as computers and phones, there is a real argument to be had regarding its use in infrastructure.
Oil has the nickname “black gold”, and it rightly deserves this name when considering how all nations on the planet are dependent on it to function. Like electricity and water, if the oil supply is disrupted then the ensuing economic fallout can be disastrous. First, the price of oil rises, which increases the logistical costs of transportation, in turn increasing the price of products. Furthermore, a rogue nation could use such an attack to cripple other nations and possibly use such an attack as a precursor to an invasion.
So, should infrastructure ditch networking technologies? Yes, and there is no other answer to that question. Would it cause engineers massive headaches? No doubt. Would it improve national security? Absolutely. Networking technologies accessible to the general public should be kept as far away from critical infrastructure as possible.