Slashdot Mirror


Offshore Drilling Rigs Vulnerable To Hackers

Hugh Pickens writes "Foreign Policy magazine reports that a research team from the SINTEF Group, an independent Norwegian think tank, has warned oil companies worldwide that offshore oil rigs are highly vulnerable to hacking as they shift to unmanned robot platforms where vital operations — everything from data transmission to drilling to sophisticated navigation systems that maintain the platform's position over the wellhead — are controlled via wireless links to onshore facilities. 'The worst-case scenario, of course, is that a hacker will break in and take over control of the whole platform,' says Martin Gilje Jaatun, adding that it hasn't happened yet, but computer viruses have caused personnel injuries and production losses on North Sea platforms. The list of potential cyberattackers includes ecowarriors aiming to jack up an oil firm's production costs, extortionists drawn to oil firms' deep pockets, and foreign governments engaging in a strategic contest for ever-more-scarce global oil reserves, says Jeff Vail, a former counterterrorism and intelligence analyst with the US Interior Department. 'It's underappreciated how vulnerable some of these systems are,' says Vail. 'It is possible, if you really understood them, to cause catastrophic damage by causing safety systems to fail.'"

27 of 116 comments

  1. A proper shell account by Krneki · · Score: 5, Funny

    Now, "I got a shell account" gets a whole new meaning.

    --
    Love many, trust a few, do harm to none.
  2. Astounding by mysidia · · Score: 3, Informative

    computer viruses have caused personnel injuries and production losses on North Sea platforms

    They run Windows-based control software, and don't take the most basic security precautions such as banning web browsing and operators from executing unsigned files on management consoles?

    1. Re:Astounding by Anonymous Coward · · Score: 2, Insightful

      It confuses me to no end how many systems are based on Windows PCs, even though they only perform trivial tasks that wouldn't pose a challenge to something like a 16-bit home computer of 20 years ago, when operating systems booted off floppy disks and 2MB of RAM were luxurious. Those systems should run a stripped-down embedded OS, not a desktop OS. I've seen a self-checkout cash register system boot up: Java on top of Windows. Somebody got paid for that, handsomely too I suspect.

    2. Re:Astounding by Viol8 · · Score: 3, Informative

      "I've seen a self-checkout cash register system boot up: Java on top of Windows"

      Back in the early 90s I used to work for a firm that did checkout software. When I arrived it was written in C with a large amount of assembler on top of DOS and ran at a blistering pace even on a 286. Then some gimp of a manager got taken to lunch by some greasy haired sales rep and next thing we knew it was being re-written in VB & Powerbuilder (yeah, I know, laugh now but people used to think it was cool) on top of Win 3.1.

      Upshot? It ran at about 1/4 the speed and crashed far more often plus the PCs needed to be 386 minimum - cue lots of upgrading by customers.

      Apparently they call it "progress".

    3. Re:Astounding by Anonymous Coward · · Score: 2, Insightful

      I'm not proposing that cash register software should be written in assembly language and run on 16bit processors. I just don't understand why a cash register needs a copy of Solitaire and Internet Explorer, especially when the application doesn't even use anything Windows specific because it runs inside the JavaVM.

    4. Re:Astounding by lysergic.acid · · Score: 4, Insightful

      How is going from C + ASM on DOS to VB + Powerbuilder on Win 3.1 more maintainable? Are you seriously suggesting that all embedded systems should be running a desktop OS for maintainability reasons (or that no embedded software is maintainable)?

      I remember using VB4 back in the day (Win98, I think) and even then the VB IDE had a hard time opening VB3 projects. Good luck trying to get Visual Studio 2008 to open a VB2 project. With C and ASM, at least you can code the project in a variety of IDEs--even plain-text editors. What are you going to use to open an .frx file other than VB?

      Furthermore, you can write maintainable C/ASM code for an embedded RISC/ARM processor just as you can write unmaintainable spaghetti code for an x86 Windows platform. If you're writing software for a desktop platform, you're going to have to update it every few years to keep up with changes in the mainstream desktop platform (new OS, new processors, etc.). If you're writing software for embedded systems then you'll only need to update your software when you decide that you want to change processors, chipsets, or add new features. Re-compiling your code for the next version of the ARM processor is likely to be easier than re-writing your entire application to use a different set of system libraries.

    5. Re:Astounding by MrNaz · · Score: 5, Insightful

      This whole thread is on the wrong track.

      Safety on an oil rig should not be in software. It should be mechanical. A big fat mechanical-reflex operated titanium counterweight that closes a wellhead when pressure is lost can't be hacked in software. Yea, they can shut the rig down, but catastrophic permanent environmental damage is avoided.

      The same goes for all last-line safety systems. They should be 100% mechanical, uninfluenced by these unreliable, capricious devices we call computers.

      --
      I hate printers.
  3. Even Microsoft will have in its smallprint ... by Viol8 · · Score: 2, Insightful

    ... (along with most other computer/OS manufacturers) that the OS is *NOT* to be used in situations where failure of the system may lead to injuries or loss of life. The fact that a consumer OS is being used at all, never mind one so susceptible to malware, in a scenario where people's lives may hang in the balance is frankly staggering.

  4. I remember how this one goes by Sockatume · · Score: 2, Funny

    So, you hack in, and then it turns out that the Patriots have released nanomachines to control the flow of phonemes as part of the S5 program to eliminate the meal of breakfast in collaboration with the reverse vampires.

    --
    No kidding!!! What do you say at this point?
  5. How long... by fuzzyfuzzyfungus · · Score: 2, Insightful

    Before "Therac-25" becomes a verb in general use?

    "What happened to Bob?"

    "He was Therac-25ed by the drillbot when the control system went down."

  6. sounds like by gEvil+(beta) · · Score: 2, Funny

    I smell the makings of a new Michael Bay movie! A group of terrorists from (insert nation/region here) systematically take over all the robotic oil rigs and hold the world's oil supply hostage. And only one man can take them on to save the world!

    --
    This guy's the limit!
    1. Re:sounds like by theIsovist · · Score: 2, Funny

      come on, hackers taking over oil rigs (or tankers for that matter?!) Who would make a movie like that? Oh wait... http://www.imdb.com/title/tt0113243/

  7. Hack The Planet by ticklemeozmo · · Score: 4, Funny

    I hope nobody finds the old Davinci Virus which was written about 25 years ago...

    --
    When modding "Informative", please make sure it both has a source and IS actually informative.
    1. Re:Hack The Planet by Chris+Mattern · · Score: 2, Funny

      Don't worry, Dan Brown completely obfuscated the code for that.

    2. Re:Hack The Planet by Galestar · · Score: 2, Interesting

      I think somebody's going slap happy with the Troll mods. Either that or just never saw Hackers.

      --
      AccountKiller
  8. Re:WTF: OpenSource Tag More Important by Informative · · Score: 3, Insightful

    Either the reporter doesn't get it, or it's FUD. Wikipedia lists two open source versions: OpenSCADA and FreeSCADA, but mentions that the original versions (presumably "decades-old") were on Unix or VMS and proprietary; hardly open source. (http://en.wikipedia.org/wiki/SCADA)
    The "Astounding" post above says "They run Windows-based control software". That *is* astounding, and should be considered criminally negligent.

  9. SINTEF is no "think tank" by orzetto · · Score: 4, Informative

    SINTEF is not a think tank, it is a major applied-research institution. It is similar (with due proportions) to the Fraunhofer Institute in Germany.

    --
    Victims of 9/11: <3000. Traffic in the US: >30,000/y
  10. The original reports by hhg · · Score: 4, Informative

    The SINTEF-report can be found here:

    http://www.springerlink.com/content/8v34n016j3648872/

    and the base report for a successful attack is here:

    http://sislab.no/redteam.pdf

  11. SINTEF should not Cry Wolf by Terje+Mathisen · · Score: 4, Informative

    Disclaimer: My first job after graduation was with SINTEF, next I worked 24 years for Hydro/StatoilHydro (Norway's largest offshore oil operator), where I (among many other things) specified how the production and admin networks should be separated on each platform.

    First of all: Most North Sea platforms use fiber links these days, microwave is only there as a backup in case something cuts the fiber, which means that if you want to use the radio link as your attack point, you must first locate and disable the fiber(s).

    Second, the production networks, which is the only part which can directly affect platform infrastructure, has significantly better security than the office/admin net.

    I.e. you would first have to hack into the regular StatoilHydro network, then find a way to pass through the admin/process firewall before you could even start to try to take over one or more control computers. (And afaik none of these run any form of open source SCADA sw.)

    Finally, the 'integrated operations' mentioned in the article consists of special on-shore operations rooms which have strict physical security checks: The computers inside these rooms are indeed part of the production network, they have no direct links at all to the office/admin net and/or the Internet.

    Terje

    --
    "almost all programming can be viewed as an exercise in caching"
    1. Re:SINTEF should not Cry Wolf by ouachiski · · Score: 2, Informative

      Almost all of the big oil companies have no Internet connection to mission critical parts of the rig. They have their own rack of equipment at the earth station with a dedicated line back to their offices. This rack of equipment is isolated from all equipment in a locked cabinet. If they want Internet on the oil platform it requires a completely different modem but that is a luxury item on these platforms. I see every day just how strict these companies are on security. Unless you have a key to get into the equipment room and then a key to get into their own locked rack or are at their offices with their massive amounts of security you can't even ping a modem that runs this mission critical data.

      --
      sorry for my comments, I'm drunk
  12. The real problem is OPC... by simp · · Score: 2, Informative

    These days everybody runs on Windows XP. No problem there; XP machines can be made secure. The real problem is this quote from the report: "We have performed penetration testing on OPC, which is a central component in process control systems on oil installations.". OPC protocol is based on DCOM. And most people want to do DCOM via a network to remote platforms. That is where the problems start. DCOM is horrible. There are solutions: Matrikon makes a good tunneler program for example, other SCADA and DCS vendors also do tunneling of OPC via safer methods than DCOM over a wide area network.

    Conclusion: the report has some good points, the summary in the above link is FUD.

    Disclaimer: I work with DCS's (also on remote oil platforms) for a living...

  13. I hope the oil companies will at least... by Dr_Ken · · Score: 2, Insightful

    ...pay a few real live human beings to stay on those rigs to provide some degree of security. In the end I trust people way more than tech or code no matter how advanced it is. Automation is fine and more efficient but if things go balls up it's nice to have a guy on site that can pull the plug or push a button and shut it all down before millions of gallons of crude go pouring into the ocean.

    --
    "If you want to know what happens to you when you die, go look at some dead stuff."
    1. Re:I hope the oil companies will at least... by SleazyRidr · · Score: 2, Informative

      IAASE (I am a safety engineer) (mainly working with offshore oil)

      The thing about that is that to have one or two people there you need to have the whole set of things to keep people alive. Think space travel (albeit to a far lesser extent.)

      One of the projects I was working on called for unmanned operation but people to go onto the platform for offloading (every two weeks.) That caused a real fun 'discussion' coz if you're going to put someone on there every two weeks, you may as well leave them there full time for all the hassle it's going to cause.

      Final point: the principal reason for having unmanned platforms is money, but the savings are mainly in the reduced need for safety systems and the lower risk (lower insurance etc.) Putting people out there is an incredibly risky proposition, so just from a safety standard should be avoided whenever possible.

  14. Where in the article... by sean.peters · · Score: 2, Interesting

    ... does it say they used Windows? At a recent conference on software safety and security, I heard a presentation on this topic that indicated that a lot of these incidents are like the one quoted in the article - a disgruntled employee or ex-employee with knowledge of how the system works, hacks into the wireless control network, and causes damage by incorrectly operating valves or altering sensor readings, causing an inappropriate reaction by the system. The example quoted was a water treatment facility that was part of a resort complex in Australia. Like this example, one of the contractors that installed the wirelessly operated system was disgruntled over not getting a permanent job. So he showed up outside the facility with a wireless equipped laptop, gained access to the system, and caused raw sewage to be discharged into the environment. He did this repeatedly before being caught. But this had nothing whatsoever to do with Windows.

    Given that the article provides no examples, I take the line about "computer viruses causing injuries and production losses" with a huge grain of salt. I'd bet the mortgage payment that what really happened is that computer viruses in non-essential, but Windows based systems caused economic damages by deleting or altering financially significant data.

    1. Re:Where in the article... by mysidia · · Score: 2, Insightful

      Actually, sorry. Inadequate access controls and credential security on the wireless control network and insufficient encryption of data channels is an even worse situation indicating an even greater level of incompetence (or lack of existence) of network security staff.

      Wireless control networks are inherently dangerous. When an employee is released, their credentials must be made invalid immediately, and the encryption keys should be changed frequently.

  15. Re:TFA seems to have some dubious facts by TooMuchToDo · · Score: 2, Insightful

    There are a couple of "iffy" items in the article. First, how can an oil leak detector cause oil leaks (let alone spills)?

    If you're an attacker and were to determine there was an existing leak, then disable the leak monitor, then command a pump to increase pressure, you could cause damage depending on the pressure rating of the pipes/fittings in question. Other than that, I agree that it would be difficult to cause damage with simply a sensor alone (unless it's a critical sensor in an industrial process).

  16. Re:What is the alternative? by Mr.+Freeman · · Score: 3, Insightful

    You assume that the choices are:
    A) Microsoft OS (which specifically states that it is NOT FOR USE WHERE PEOPLE MAY DIE)
    B) Some fucking idiot with 3 days of C programming classes making a custom operating system.

    Alright, I guess I have to explain this to you.
    It is possible to hire experienced, knowledgeable people to develop custom operating systems. It is also possible to have that code thoroughly reviewed, tested, etc. to make sure it won't fail in such a way that people die.

    Yes, it's more expensive to create/maintain/fix. But on the other hand, people won't die this way.

    Seriously, do you use carabiners that say "not for climbing" when you go climbing because they're "cheaper" and "easier to replace"? If not, then you probably should so that you may rid us of your misguided thought that devices that say "NOT FOR USE WHERE PEOPLE MAY DIE" are perfectly suited to things where people may die.

    --
    -1 disagree is not a modifier for a reason. -1 troll, flamebait, redundant, overrated are NOT acceptable substitutes.