Cyber Trickery Is Not Exactly New

By Chris Bronk, Ph.D. Baker Institute for Public Policy, | February 2013, Vol. 240 No. 2
Buyer's Guide

Thinking about cyber and energy goes back to a great myth, which may or may not be true. It has long been rumored that agents of the Soviet government illegally obtained an industrial control computer by clandestine means from a Canadian manufacturer in the 1980s.

Unfortunately, as the tale goes, the Soviets had been duped, as the U.S. intelligence apparatus was aware of what the Russians wanted and before the computer was sent to Russia a Trojan horse was implanted in its memory. The Americans planned to have the computer fail after its point of installation.

Eventually, the computer was installed in a pipeline somewhere in Siberia and after functioning normally for some time it failed, rather catastrophically. As the story goes, a massive explosion was triggered, of magnitude not seen in east of the Urals since the Tunguska event of 1908.

New York Times columnist William Safire claimed the Siberia pipeline explosion was the brainchild of a fellow Nixon White House staffer who saw sabotage of the Soviet oil and gas industry as a valid form of covert action. Since Safire’s claim was published, a number of people have mentioned the Siberia pipeline incident, some arguing it to be ground truth while others dismiss it as rumor. But the larger economics of energy and Soviet decline are hard to dismiss.

During the 1980s, Saudi and other Middle Eastern oil production surged, and as a result oil prices fell to just above $10 per barrel. This decline in price, which produced shocks of its own in the Texas economy, was devastating to the USSR. But was the Soviet Union doubly hurt by this nascent cyber attack, cutting the amount of oil and gas it could get to market to trade for foreign currency? Did the U.S. sabotage the Soviet energy economy by blowing up a major pipeline? The answer depends on whom you choose to ask.

Networks And Pipelines
While a computer-mishap pipeline blast probably seemed somewhat far-fetched in the 1980s, today we are forced to reappraise what concern should be applied to the protection of computer systems engaged in the transmission of oil and gas.

Several years ago, my colleagues Ken Medlock, Dan Wallach and I stated that we were not deeply concerned about the risk of a major cyber attack against the electrical grid or the infrastructure upon which the oil and gas industry runs. That was due to a pair of assumptions we held. First, that much of the physical operations of infrastructure – turning on and off pumps, opening or closing valves, and so on – largely required human intervention. Second, we believed that any supervisory control and data acquisition (SCADA) process control computers were run separately from the Internet. Five years ago, we viewed the likelihood of a major cyber attack against the energy infrastructure as quite low.

Concerns now are greater. In electricity, we have seen a massive national investment in computerized metering technology undertaken by the federal government through its massive Smart Grid initiative. In oil and gas, companies have embraced smart field computerized production capabilities and other forms of automation to foster efficiency and better monitor operations. It is this latter category, of emplacing remote sensors and other systems to better manage flow of fuels, where a great deal of effort has been undertaken in the last decade.