The rumors I’m hearing out of the oil patch - and they’re only rumors - are that Colonial got infected all the way down the line from their control center. They *had* to completely shut down everything (which, honestly, is a good thing, we don’t need exploding pipelines) as they were losing control.
Yes, depending on what it is, you can get stuff that will infect PLCs and embedded PCs controlling valves and doing monitoring. I did hear that part of the issue was that some of their gear is actually still intact and didn’t get infected, but the managing servers they talk to dropped offline and the field gear went into failsafe once it realized it wasn’t communicating any more and now they have to go get it out of that condition.
The rumors also say that Colonial didn’t have proper backups and didn’t begin to have proper redundancy for the control systems. One rumor is that they’re going to have to do a format and reinstall/reimage on everything from the as-original state and then do whatever updates/customizations they need.