Gas explosions possible SCADA hack of gas company?

Critical infrastructure has been targeted for a while and with this many homes exploding in different areas it has me thinking the systems were hacked.

www.foxnews.com...

For those that haven't heard of this, here is one story about just that thing and kinda nearby...

www.securityweek.com...

Several natural gas pipeline operators in the United States have been affected by a cyberattack that hit a third-party communications system, but the incident does not appear to have impacted operational technology.
Energy Transfer Partners was the first pipeline company to report problems with its Electronic Data Interchange (EDI) system due to a cyberattack that targeted Energy Services Group, specifically the company’s Latitude Technologies unit.
EDI is a platform used by businesses to exchange documents such as purchase orders and invoices. In the case of energy firms, the system is used to encrypt, decrypt, translate, and track key energy transactions. Latitude says it provides EDI and other technology services to more than 100 natural gas pipelines, storage facilities, utilities, law firms, and energy marketers across the U.S.

And a Bloomberg story on the same...

www.bloomberg.com...

At least four U.S. pipeline companies have seen their electronic systems for communicating with customers shut down over the last few days, with three confirming it resulted from a cyberattack.

On Tuesday, Oneok Inc., which operates natural gas pipelines in the Permian Basin in Texas and the Rocky Mountains region, said it disabled its system as a precaution after determining that a third-party provider was the “target of an apparent cyberattack."

A day earlier, Energy Transfer Partners LP, Boardwalk Pipeline Partners LP, and Chesapeake Utilities Corp.’s Eastern Shore Natural Gas reported communications breakdowns, with Eastern Shore saying its outage occurred on March 29. The Department of Homeland Security, which said Monday it was gathering information about the attacks, had no immediate comment Tuesday

While the EDI systems may be entry points for hackers, they are likely not the ultimate target, said Jim Guinn, managing director and global cybersecurity leader for energy, utilities, chemicals and mining at Accenture Plc, a technology consulting company.
“There is absolutely nothing of intrinsic value for someone to infiltrate the EDI other than to navigate a network to do something more malicious," Guinn said by telephone Tuesday. "All bad actors are looking for a way to get into the museum to go steal the Van Gogh painting."
He also said there is nothing inherently different about oil and gas EDI systems.

Not First Time

This isn’t the first time U.S. pipelines have been targeted. In 2012, a federal cyber response team said in a note that it had identified a number of “cyber intrusions” targeting natural gas pipeline sector companies. The group, the Industrial Control Systems Cyber Emergency Response Team, is a division of Homeland Security.
“It’s important to recognize that this does not appear to be an attack on an operational system,” said Cathy Landry, a spokeswoman for the Interstate Natural Gas Association of America. “An attack on a network certainly is inconvenient and can be costly, and something any company – whether a retailer, a bank or a media company -- wants to avoid, but there is no threat to public safety or to natural gas deliveries.”
She said she “cannot speak for any of the companies specifically about what may or may not have happened to their systems.”

They have been attacked in the past as shown above.

Wondering if this is a "test" to see the type of damage that can be done?

a reply to: Vasa Croe


Looks like "progress" has been made by the hackers since that April article you linked to. If they hack into pressure valves at Nuclear Plants, catastrophe would result.

Some sources are saying that this isn't a test run, but the actual event. Personally I'm going to wait till an investigation is conducted to see what is/isn't being talked about.

originally posted by: carewemust
a reply to: Vasa Croe


Looks like "progress" has been made by the hackers since that April article you linked to. If they hack into pressure valves at Nuclear Plants, catastrophe would result.

If they can, it is likely they are already in.

originally posted by: Guyfriday
Some sources are saying that this isn't a test run, but the actual event. Personally I'm going to wait till an investigation is conducted to see what is/isn't being talked about.

I am not sure they would announce it if it is found to be a hack. That would create pandemonium around the US if people think their house could just blow up at any time.

EDI is a platform used by businesses to exchange documents such as purchase orders and invoices. In the case of energy firms, the system is used to encrypt, decrypt, translate, and track key energy transactions.

I have done software work on nat gas EDI & power systems. It would have no relationship to control systems.

I don't doubt there are those working to get access in control systems though.

a reply to: Vasa Croe

I hope that you are wrong and this was just a terrible tragedy.

originally posted by: Vasa Croe

originally posted by: Guyfriday
Some sources are saying that this isn't a test run, but the actual event. Personally I'm going to wait till an investigation is conducted to see what is/isn't being talked about.

I am not sure they would announce it if it is found to be a hack. That would create pandemonium around the US if people think their house could just blow up at any time.

I wouldn't expect that either, but if it was a hack then I would expect a national effort to push how safe our infrastructure is. On the other hand if this was a simple accident then I expect a lot of talk about what went wrong and how it shouldn't happen in the future. Hence my "what is/isn't being talked about". Real accidents are usually followed by open talks about the causes, and sabotage is usually followed by feel good campaigns.

originally posted by: roadgravel

EDI is a platform used by businesses to exchange documents such as purchase orders and invoices. In the case of energy firms, the system is used to encrypt, decrypt, translate, and track key energy transactions.

I have done software work on nat gas EDI & power systems. It would have no relationship to control systems.

I don't doubt there are those working to get access in control systems though.

Yeah....the articles talk about EDI being the entry point. There are dozens of other articles on critical systems being hacked.

If they got to controls then that is a very bad thing....especially for gas.

originally posted by: DBCowboy
a reply to: Vasa Croe

I hope that you are wrong and this was just a terrible tragedy.

In a way I agree with you, but if it was then that would mean that it could be due to aging infrastructure, and would be more alarming since everyone in the US could be at risk. On the other hand if it was an act of terrorism, then at least steps could be put in place to protect others that might be affected.

It's kind of like being stabbed in the chest. Once the knife is inserted and you only notice the quick pain, do you pull the knife out and create a bigger issue, or do you leave it in and hope the a professional medic can take it out before any further damage can be done? The knife in this case is the gas line and hoping for an accident is just pulling it out, while waiting for the … well I think we all get the idea.

Now I'm no smart guy. . . but could those "smart meters" be hackable?

a reply to: Vasa Croe

The entry point is not using EDI. It is used to indicate movement and volumes but it doesn't control the equipment.

Attacks could be through the same gateway. If all traffic is via the internet and control systems are attached then it comes down to security and monitoring.

originally posted by: DBCowboy
Now I'm no smart guy. . . but could those "smart meters" be hackable?

There's a joke in there I know it.


Here is a quick looking loo on google:

IoT agenda
Computer World

Sorry for the fear of it all, but it's a reality we live in.

The only way a hack could blow up a house is if a gas appliance was connected to the internet, and the appliance was remotely hacked to release gas in the house until something set it off. I have installed a gas oven with Bluetooth so maybe somebody found a way to plant a virus in them... Hacking gas distributors will not cause an explosive situation in people's houses.

Most likely these explosions are the result of coincidental failure of components, or sabatoge by somebody physically inside the houses.

originally posted by: Guyfriday

originally posted by: DBCowboy
Now I'm no smart guy. . . but could those "smart meters" be hackable?

There's a joke in there I know it.


Here is a quick looking loo on google:

IoT agenda
Computer World

Sorry for the fear of it all, but it's a reality we live in.

I'm not sure if they could regulate flow from the smart meter and also no sure if they could hack multiple at the same time.

I am wondering though....these explosions all seem to have happened in homes/businesses. That would make me think more that this was a hack to push gas into the open valves, or opening the valves themselves. Wouldn't a leak have blown somewhere on the ground as well? Not just the homes?

a reply to: Vasa Croe


I'm thinking about having the meters ignore a leak more than anything else. If the meters think that nothing is wrong then the meters will just operate like normal even if a massive situation was taking place.

a reply to: SouthernForkway26

I'm sure authorities will investigate what each of those homes had in common, if anything.

originally posted by: SouthernForkway26
The only way a hack could blow up a house is if a gas appliance was connected to the internet, and the appliance was remotely hacked to release gas in the house until something set it off. I have installed a gas oven with Bluetooth so maybe somebody found a way to plant a virus in them... Hacking gas distributors will not cause an explosive situation in people's houses.

Most likely these explosions are the result of coincidental failure of components, or sabatoge by somebody physically inside the houses.

Would it be possible for someone to know the pipe burst pressures of where the mains connect to the smaller house lines and force the pressure to blow them? Basically hacking the main system and upping the pressure to all at once?

I would guess it would cause multiple explosions at one time, but once those blew it would depressurize and no more would blow?

a reply to: Vasa Croe


I'm wondering if this could be a bigger issue. If this was a terror attack, then could this be a quick run (and I'm only tossing this out there for speculation) on a bigger target? Does Boston still have those tankers on Natural Gas come into the harbor?

I too am wondering if part of the system was over pressured. I doubt the pressure is stepped down at each house. I could be an issue with one piece of equipment.