Colonial Pipeline Hack is an Act of War May 14, 2021

NEWT GINGRICH AUDIO CONTENT ^ | May 14, 2021 | Newt Ginrich

[yoe]

Last week, the Colonial Pipeline Company gave nearly $5 million to an Eastern European criminal group that hacked them. This should bother us. We should all be bothered that our government can’t protect our companies. We should all be bothered that there’s a real cyber war underway and terrible things could happen in a matter of seconds.

[maddogtiger]

Russia Smussia.

[Oil Object Insp]

Yes, there should be a much isolation as possible, but going w/o
access to the internet...

Do you think it would be a good idea to have the ppl go back to control by radio? That was one of the ways it “used” to be done.

This isn’t the 30s or 50s, or even the 80s.

How else are you going to connect 100s or even 1000s of miles of pipe and more importantly valves, sensors, and timing devices together to coordinate the different products and tanks that’s running through the system? Don’t forget the important systems like leak and theft detection.

Yes, they could have dedicated fiber optic running along the RoW, but almost none are handled that way. I know of a few that are, but these are definitely outliers.

Carriers today handle multiple products in the same line, with much less transmix than ever before. Running manual is a very risky proposition, too many high likelihood, high consequence scenarios too allow for anything real duration.

[HKMk23]

Wouldn’t need optical fiber if you could do line-of-sight IR laser TX/RX.

Microwave would surmount low/no visibility scenarios

There is radio, like way back when, but now with modern frequency-hopping to prevent eavesdeoppers.

Could even do 256-bit encrypted packets over shortwave.

A step down would be to set the whole thing up as part of the company domain and permit acess ONLY via VPN. Any connecting computer becomes a point of failure, tho, so the only way to safe that system is to have the connecting computers be something like custom configured Chromebooks that have no normal browser installed, are managed from within the domain, and can’t connect to any other domain. Use of an RSA key as part of a multi-factor login would be a given.

I favor pseudo-random frequency-hopping, encrypted packet radio, myself, and no control points outside secured work sites.

[Oil Object Insp]

Ppl can’t always have line of sight.

As for your other proposed methods they all have been done, or are still used in some places, though they all have their shortcomings, though plenty use it have used them in the past. Open AM and FM was used on some that I was involved with until the 90s. Looking back, there was a bunch of stuff that was done that we shake our collective heads about.

Like you mentioned regarding the computers, there are wide variety of what is used. I’ve seen places run on 10+year old store bought desktops to rack mount computers. Large industrial reach mount, multiple parallel operating hot swappables. Primary, secondary monitoring the primary, tertiary watching the primary and the secondary, etc. There should be off site, or at least remote redundancy also. All with programs running to report anomalies. Entry points are supposed to be very limited, controlled. Operating control systems separate from personnel work network. It’s not as easy to control points of entry for a ppl, as say a refinery, terminal, or tank farm.

The cost of manning every site is not cost effective, and remember ppl are effectively toll roads for products. Charging a fee to move something from A to B. If the cost is too high, alternatives will be found.

Some places take safety of their systems to great lengths, others have never really done their homework, and as the last two weeks have shown there are places that are vulnerable. Some of these places are VERY vulnerable. An example of what happens when places play fast and loose.

Hopefully this serves as wake up call, but plenty of history has shown otherwise.