Slashdot Mirror
The Cyber Threat To the Global Oil Supply
Lasrick writes "Blake Clayton has an excellent piece on the cyber threat to the global oil supply. His description of the August attack on Saudi Aramco, which rendered thirty thousand of its computers useless, helps make his point. From the article: 'The future of energy insecurity has arrived. In August, a devastating cyber attack rocked one of the world’s most powerful oil companies, Saudi Aramco, Riyadh’s state-owned giant, rendering thirty thousand of its computers useless. This was no garden-variety breach. In the eyes of U.S. defense secretary Leon Panetta, it was “probably the most destructive attack that the private sector has seen to date.”'"
That's adorable.
From the article: "probably the most destructive attack that the private sector has seen to date" ... and then "Saudi oil operations were unaffected by the computer outage". Wow, that is truly destructive.
Then there is this nugget "American consumers could suffer because of an incident involving an oil company that they know little about and is located thousands of miles away".... so hasn't that been the case for the last, what, 30 years?
In Soviet Russia Really. Maybe.
"No fear. No envy. No meanness." Liam Clancy
It is not a cyber attack. It is just the project ORCA meant to help the election day volunteers for Mitt Romney got its URL messed up and kept redirecting traffic from its http server to https server. It somehow sent everything via Indonesia and Saudi Arabia. The Saudi Aramco is just a bystander caught in the cross fire. Simple glitch.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Before any number of potential calamities affect the increasingly vulnerable oil chain. Adversaries realize that this is our Achilles heel and that any disruption will cause an immense impact on the world economy. I just hope we have effective plans in place to counteract any actions taken, as well as proactively identifying, nullifying and persecuting any organizations or states that choose to pursue any actions along these lines.
What, me worry?
state-owned = private sector???"
or is it part of some kind of war???
Now the excuse is established, the precedent is set.
The evil hackers can hack into all those computers and raise our gas prices! it's their fault! blame them! we need more laws, more cops, more rights taken away! save us from the evil hackers!
And completely ignore all these companies stupidly put their infrastructure on the net at all. Or that oil companies STILL enjoy record profits year after year. Or any of the other really bad things going on here... No... focus your thoughts on those evil hackers. they send you all that spam too. /facepalm
Unless 5 million dollars are transferred to the following numbered account in 7 days, I will capsize 5 tankers in the Ellingson fleet.
Yeah, it's not anything happened in '73 and '79 with the devaluation of the dollar to show us where "energy insecurity" comes from.
Jeeze, what lame bullshit to give the damn cops even more power.
“He’s not deformed, he’s just drunk!”
Guess nothing really changes. Fear mongering is the best way to keep your job, or so it seems. Wonder how long till he says we need to have a piece of government hardware in our computers monitoring everything we do? It would be to keep us safe of course, think of the children!
Be seeing you...
To summarise the article:
.. maybe. Senior people in the US say 'something could go wrong!' but they don't all agree on that."
/.? Is /. becoming a site devoted to fear-mongering and right wing political activism? I mean seriously, just because it has 'cyber' in the title, doesn't mean that there's anything of interest to /. readers in the text!
"There was an attack! This could cause some problem, somewhere, sometime
Serious, serious FUD. This is like a CBS broadcast calling for increased funding for cyber defense.
The journal is published by one of those 'think tanks' which try to form foreign policy by delivering analysis funded by industry heavyweights. This one (believe it or not) founded by Richard Nixon. How does this find the front page of
Once again Terrorists are forcing companies to use operating systems and other software well-known to be insecure on critical servers! You will know these Terrorists because of their distinctive clothing: Ties and Business Suits, which are never worn by software and security specialists. Alas, there may be nothing we can do to counter this Terrorist Threat as the Terrorists seem to have taken over our Corporate Boardrooms.
But there's no cause for alarm: everyone knows that the more you pay for software the more secure it is, right? And we can always retaliate against any Cyberattacks, unless of course they come from Botnets installed on our own citizens' computers.
yep. this is what happen when you bank your future, business and infrastructure on Windows OS
If anything is absolutely critical for a companies production infrastructure, it should not be connected to the internet, and all the systems involved should be locked down so hard that you need admin approval to so much as change the desktop wallpaper, let alone write to the disk or plug in a thumbdrive.
And if there is a need for data transfer from those machines to the internet, hire a few extremely trustworthy individuals to run sneakernet between the two networks, and have the whole thing recorded on security camera: the room in which the two network connection points are in, and the monitors and KB/Mouse inputs on the two computers.
Probably cheaper to have up to 6 guys who do nothing but sit in a room manually transferring files and data from the secured infrastructure LAN during their shifts to the internet at employee request than it would be to suffer a cyberattack that cripples production. And if something DOES go down, it's all on the video anyway, so it should be hard to figure out which of the sneakernet employees did it.
... they will learn to not have critical infrastructure accessible via the Internet?
One can only hope.
Saudi Armco don't connect their oil production control systems to their public network. They made it clear it did not affect oil production.
http://www.theregister.co.uk/2012/08/29/saudi_aramco_malware_attack_analysis/
"Oil and production systems were run off "isolated network systems unaffected by the attack, which the firm has pledged to investigate. In the meantime, Saudi Aramco promised to improve the security of its network to guard against fresh assaults."
But it's always a nuisance when even the administration computers get a virus, so they should improve their systems.
The fix for critical system vulnerability is: KEEP THEM ON SECURE PRIVATE NETWORKS. You cannot trust firewalls or VPNs since these are complex software, a simple physical separation of networks is and always will be the best fix. And Armco know this and did this.
Big money wants controls placed on personal computers.
End of story.
Not that I'm applauding the actions of hackers (legitimate or otherwise). Nor am I suggesting that we should all do our best to bring Down The Saudis (or anyone/everyone else involved in Oil production, for that matter).
Having raised all those caveats, however: Is THIS not good for everyone in the long term?
Those who were attacked will update their systems, those who rely on oil will rethink their policies. Maybe if we're really (really really really) lucky there'll be greater investment in energy solutions OTHER than fossil-fuels.
I see a whole lot of SILVER LINING and not much dark stormcloud here.
Visit CryptoGnome in his home.
I posit the theory that number of suicide-willing terrorists is wildly overestimated. Or even, regular non-suicidal trouble makers. Or, would-be "terrorists", as a group are pretty dull individuals.
I offer the lack of easy to do terrorist acts (statistically speaking) that have occurred. A simple "Ask Slashdot" round of "what would you do to F things up" would undoubtedly result in an interesting list of new things to worry about... Of course anyone who responds with an easy to do act of terrorism, that is then acted upon will be a) very sorry b) intensely investigated, c) all of the above.
What do they mean by useless? Windows wouldn't boot? or did the computers explode, or did the virus flash the bios with garbage, even then you could resolder a new bios chip on! Would be hard to make multiple computers completely useless!
The US Energy Information Administration claims that the US dependence on oil from The Persian Gulf is approximately 22%, so even if they dropped off the face of the planet (ie immediately/suddenly, tomorrow) it would not make all that much of a difference.
Sure it'd be a massive PITA for maybe as much as a month, then we'd all get over it and wonder what the fuss was about.
Visit CryptoGnome in his home.
I suppose the biggest threat to the global oil supply is the fact that it's finite and that we burn 85 millions barrel a day.
to your rescue
no worries as long as you yanks got cash im sure a oil deal with us can be made....(chuckles)
It was “probably because most computers were using Microsoft's Windows.”'
With the exception of maybe 12 organizations in the world, EVERYONE has mission critical systems connected indirectly to the internet. In a "highly secure" organization, I'd have two machines on my desk, one is not connected to the internet and has access to an important database. The other has internet access. That's good, right? Problem is, I need to be able to transfer information between my two desktops, so there is some sort of connection between them. That makes an indirect connection between the internet and the critical database. More analogous to the TFA case, where it was 30,000 machines, 75% of their desktops, losing that number of ANYTHING is damaging. Let's say you consider a desktop used by a customer service rep "not mission critical". The web site and mail system have to be connected to the internet, of course. How would your company be affected if you lost email, the web site, amd the customer service department for a week or two? How about if the payroll person's desktop is down also? Heck, even dumb things like the toilet paper delivery seem pretty important when you lose them.
So many industries use networked computer systems that are vulnerable. The fact that the article mentions the "oil supply" is irrelevant. Everything is at risk.
cause doing stupid stuff one at a time is not ok , you have to get smart and do 3 ways at once?
It's a CYBER threat. That makes it more worser.
This guy is not a security expert. His bio: "Before joining the Council, I was a sell-side commodity strategist at Louis Capital Markets." That's a brokerage firm. A "sell-side analyst" is really a PR guy who generates happy-talk "buy" recommendations which are sent to customers.
Except it didn't happen.
Contrary to the popular belief, there indeed is no God.
Nothing but a direct transfer of several billion dollars (preliminary estimate, subject to increase without notice) from the American public to the pockets of several large defense contractors can save the global oil industry!
Oh noes, we have to reactively install antivirus on 30,000 machines, we might as well just set fire to them.
If you were blocking sigs, you wouldn't have to read this.
Since 29998 were used only to access Facebook this wasn't a big problem. The problem was the 2 used to access Slashdot...
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Stealing trillions via black screens? They are a threat to the monetary system itself! Forget oil, you can't pay for oil when the banksters stole all the money.
Then, there is HFT. A cyber threat to the markets.
There is Electronic voting a cyber threat to the constitutional republic.
Corporate owned public spectrum, a cyber threat to the public interest.
Patriot ACT spying, a cyber threat to your entire life.
Simply get off running on imported oil. The fastest way for USA is to move to Natural Gas for our commercial vehicles and large passenger vehicles. We have abundant supplies. In addition, we can do electric for regular cars. As it is, they are slowly coming up. I think that Tesla will change the industry with their gen 3 model.
Most importantly, once we are off oil, then North America can export to the rest of the west for security reasons.
I prefer the "u" in honour as it seems to be missing these days.
Maybe that's exactly what he meant, he was assigning private assets to control by politicians. After all, if you dedicated your life to making something, you didn't build that.
I think I saw this once in a movie about hackers...
I work with some energy companies, solar and wind, and the software in that industry is crap. All the programs we have run across have been poorly written, bloated, buggy, and extremely vulnerable. When we discuss fixing issues with the developers most have never heard of accepted standards for software and security. As one company VP told me, we write this only based on the end users’ recommendations.
If you live in a house, you could just generate your own power. Many cases have less need every day to keep dependending on others and paying for it.
http://otherpower.com/
Build your own energy sources from scratch. http://otherpower.com/
Electric freight trains. Railroads have proven themselves old and reliable technology. Almost all electric, almost no accidents. About 90% lower cost for freight transportation. Only problem is, since the trains last for decades, the tires don't wear out all the time, and the there's no massive fuel consumption, it doesn't generate lots of other costs. Those massive costs are what feed the truck manufacturing and oil business. But, there is no real change without change. The trucking and oil business industries will have to go do something else. They won't be the first or last industry get shaken up by changes in the world.
Build your own energy sources from scratch. http://otherpower.com/
That's just going to be a lot of waste no matter what anybody does. The social and monetary cost for a trip to the grocery will always be enormous. There's a reason everything is expensive in Hawaii or Japan -- they are far form everything. That's the whole reason big cities have progressed. It's unlikely world economy and infrastructure will be built around supplies for people who live far from everything, at least not until some equivalent of nuclear fusion comes around.
Build your own energy sources from scratch. http://otherpower.com/
See what countries pay for gas, and where the developed countries are.
http://en.wikipedia.org/wiki/Gasoline_and_diesel_usage_and_pricing
Country - gas prices (in US$ / US Gallon)
Norway - 9.69
Netherlands - 9.35
Denmark 8.90
Sweden 8.90
Finland 8.82
Italy 8.74
France 8.63
United Kingdom 8.63
Belgium 8.44
[...]
United States 3.88
[...]
Brunei 0.39
Oman 0.31
Bahrain 0.27
Kuwait 0.224
Qatar (Doha) 0.83
Turkmenistan 0.72
Libya - 0.64
Saudi Arabia (Riyadh, Jeddah) 0.45
Venezuela 0.085
Build your own energy sources from scratch. http://otherpower.com/
Nonsense. This is an attempt to create endless confusion among everyone, and not ever discuss how to create and own their infrastructure, and avoid being slaves of monthly bills - tax, food, power, communications, transportation, real estate, insurances, and so on.
Build your own energy sources from scratch. http://otherpower.com/
Hackers pose serious threat to oil business. One computer virus and tanker flips over. Looks like somebody checked his or her video library and decided to sell same story to the press.
Before anyone bitches about stuxnet attacking civilian assets, remember that in a repressive regime, there is hardly such a thing as a civilian asset when the government can arbitrarily confiscate whatever it wants and appropriate it for state purposes.