The rumors I’m hearing out of the oil patch - and they’re only rumors - are that Colonial got infected all the way down the line from their control center. They *had* to completely shut down everything (which, honestly, is a good thing, we don’t need exploding pipelines) as they were losing control.
Yes, depending on what it is, you can get stuff that will infect PLCs and embedded PCs controlling valves and doing monitoring. I did hear that part of the issue was that some of their gear is actually still intact and didn’t get infected, but the managing servers they talk to dropped offline and the field gear went into failsafe once it realized it wasn’t communicating any more and now they have to go get it out of that condition.
The rumors also say that Colonial didn’t have proper backups and didn’t begin to have proper redundancy for the control systems. One rumor is that they’re going to have to do a format and reinstall/reimage on everything from the as-original state and then do whatever updates/customizations they need.
“The rumors also say that Colonial didn’t have proper backups and didn’t begin to have proper redundancy for the control systems”
Maybe, more like their Access Control Policies allowed the ransomware on upstream computers to encrypt downstream files. That is nothing short of incompetence.
If that is true...
Months. Not weeks. Months. Maybe.
Oh God
I officially have much more respect for my employer's focus on Disaster Recovery plans.
If that's truly the case, there's no way they're going to be back up and operational by the end of the week.
Colonial Pipeline has already proven they're run by complete idiots. Why would anyone think they'll be back up and running by end of week? Weeks or MONTHS would probably be far more accurate. They probably don't even have the config documentation for the servers they need to rebuild and some Bubba is going to have to do it from memory.
Good luck with that.