Cyber Security And The Pipeline Control System

By Eric J. Byres, P.Eng., Lantzville, BC, Canada | February 2009 Vol. 236 No. 2

In the winter of 2002-2003, Venezuela found itself in the grip of the largest and longest strike in Latin American history. Lasting from Dec. 2 until Feb. 2, the strike paralyzed the oil industry through work stoppages and acts of sabotage.

According to a published report at the time, Ali Rodriguez, the head of Petróleos de Venezuela, S.A. (PDVSA), stated:

"[...] we have suffered many acts of sabotage at the terminals, the refineries, and even to some wellheads in Lake Maracaibo. There were even instances of computer hacking which did a lot of damage since much of the operation is centrally controlled by computer."

Details of the cyber attacks on PDVSA’s systems were slow to emerge, but it seemed that hackers were able to penetrate the SCADA system responsible for tanker loading at a marine terminal in eastern Venezuela. Once inside, the hackers erased the programs in the programmable logic controllers (PLCs) operating the facility, preventing tanker loading for eight hours. Fortunately for PDVSA, the tactics of attackers were unsophisticated, making detection of the problem relatively easy, and backups of the PLC programs were unaffected, making recovery straightforward.

Two years later a book by Thomas Reed, senior U.S. national security official, made it clear that not all pipeline operators are so lucky. In his book, At The Abyss, Reed reported how the U.S. allowed the USSR to steal pipeline control software from a Canadian company. Unknown to the Russians, this software included malicious code (known as a Trojan horse) that caused a major explosion of the Trans-Siberian gas pipeline in June 1982. The Trojan ran during a pressure test on the pipeline and massively increased the usual pressure, causing the explosion. Reed writes:

"In order to disrupt the Soviet gas supply, its hard currency earnings from the West, and the internal Russian economy, the pipeline software that was to run the pumps, turbines, and valves was programmed to go haywire, after a decent interval, to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds.”

By creating an explosion with the power of a three-kiloton nuclear weapon, the U.S. managed to disrupt supplies of gas and consequential foreign currency earnings of the Soviet Union for over a year.

These instances of computer hacking were the first public examples of the susceptibility of oil and gas operations to deliberate external cyber attacks on control systems. For many companies it forced a complete re-evaluation of what cyber security meant when it came to oil and gas SCADA-control systems.

Misunderstanding The Risk

Internal surveys at several major oil companies indicated that managers often misunderstand the situation they face when it comes to SCADA security. First, many believe that the Information Technology (IT) group automatically looks after SCADA security as well. This is rarely the case.