Donate Bitcoin

Donate Paypal


PeakOil is You

PeakOil is You

Cyber Attack

General discussions of the systemic, societal and civilisational effects of depletion.

Cyber Attack

Unread postby Pops » Sat 08 May 2021, 20:09:39

I'm surprised no one has mentioned this, more than trans girls sports or creeping communism, cyber attacks on infrastructure is probably our biggest threat.

Cyberattack Forces a Shutdown of a Top U.S. Pipeline
The operator, Colonial Pipeline, said it had halted systems for its 5,500 miles of pipeline after being hit by a ransomware attack.

One of the nation’s largest pipelines, which carries refined gasoline and jet fuel from Texas up the East Coast to New York, was forced to shut down after being hit by ransomware in a vivid demonstration of the vulnerability of energy infrastructure to cyberattacks.

The operator of the system, Colonial Pipeline, said in a vaguely worded statement late Friday that it had shut down its 5,500 miles of pipeline, which it says carries 45 percent of the East Coast’s fuel supplies, in an effort to contain the breach. Earlier Friday, there were disruptions along the pipeline, but it was not clear at the time whether that was a direct result of the attack or of the company’s moves to proactively halt it.

On Saturday, as the F.B.I., the Energy Department and the White House delved into the details, Colonial Pipeline acknowledged that its corporate computer networks had been hit by a ransomware attack, in which criminal groups hold data hostage until the victim pays a ransom. The company said it had shut the pipeline itself, a precautionary act, apparently for fear that the hackers might have obtained information that would enable them to attack susceptible parts of the pipeline.

Administration officials said they believed the attack was the act of a criminal group, rather than a nation seeking to disrupt critical infrastructure in the United States. But at times, such groups have had loose affiliations with foreign intelligence agencies and have operated on their behalf.

The shutdown of such a vital pipeline, one that has served the East Coast since the early 1960s, highlights the vulnerability of aging infrastructure that has been connected, directly or indirectly, to the internet. In recent months, officials note, the frequency and sophistication of ransomware attacks have soared, crippling victims as varied as the District of Columbia police department, hospitals treating coronavirus patients and manufacturers, which frequently try to hide the attacks out of embarrassment that their systems were pierced.



The russian Solar Winds backdoor and the china hack on MS systems seem to be the ramping up. Ransomware could turn out to be the airline hijacking spree of the '70s all over again. In the US we're so much at each other's throats over minutia, it seems not far from here to chaos.
The legitimate object of government, is to do for a community of people, whatever they need to have done, but can not do, at all, or can not, so well do, for themselves -- in their separate, and individual capacities.
-- Abraham Lincoln, Fragment on Government (July 1, 1854)
User avatar
Pops
Elite
Elite
 
Posts: 19746
Joined: Sat 03 Apr 2004, 04:00:00
Location: QuikSac for a 6-Pac

Re: Cyber Attack

Unread postby vtsnowedin » Sun 09 May 2021, 12:26:59

Hopefully they will trace back and locate the attackers and have Seal team five (six can't go every time) give them a fatal midnight visit. :evil:
User avatar
vtsnowedin
Fusion
Fusion
 
Posts: 14897
Joined: Fri 11 Jul 2008, 03:00:00

Re: Cyber Attack

Unread postby Outcast_Searcher » Mon 10 May 2021, 19:59:06

But while the attacks will happen, with assistance from the occasional insider, re bribes, etc, there is NO reason serious businesses can't BACK UP ALL their data EVERY DAY. In fact, if they're running a serious database like DB2, it can log all their data as each database gets updated.

So, there's no reason almost all or even 100% of data can't be recovered and TO HELL with the clowns who are bribing them.

Or even get smart and actually run the main business in a private virtual box, and just use the internet to communicate with the outside world, but NOT let it directly impact the key databases.

And yes, it will cost a bit more, but it makes the increasing rabble of criminals, including blackmailers, pretty much impotent.

I don't feel particularly sorry for supposedly serious businesses that rely on complex computer technology that can't be bothered to look 5 minutes (or 6 months) ahead and actually work to protect themselves.

And yes, I walk the walk, not just talk it. I'm just a normal private user managing my own data, and I keep MANY copies of my key data files offline, including some in a safe deposit box. And I keep multiple copies of my entire hard drive backed up in a cycle, should I get some nasty virus, so I can do a full recovery as easy as replacing 4 screws in 5 minutes. And I keep multiple (inexpensive) laptops ready to go, so failing that, I can still get on the internet, use my banks and brokerages, etc. even if my main computer has a total, say, motherboard failure.

All this protection takes a LITTLE work and roughly $1000 in hardware, including cases, drives, etc.

Given how inefficient government is, do corporations REALLY think that calling the FBI is going to rapidly get all their data back and get their systems operational again? Don't make me laugh.
Given the track record of the perma-doomer blogs, I wouldn't bet a fast crash doomer's money on their predictions.
User avatar
Outcast_Searcher
COB
COB
 
Posts: 10142
Joined: Sat 27 Jun 2009, 21:26:42
Location: Central KY

Re: Cyber Attack

Unread postby Outcast_Searcher » Mon 10 May 2021, 20:01:07

vtsnowedin wrote:Hopefully they will trace back and locate the attackers and have Seal team five (six can't go every time) give them a fatal midnight visit. :evil:

If they're, say, in Russia, good luck with that fantasy being reliable. It would be simpler just to drone their HQ, but that isn't happening if the geopolitics don't make that practical.
Given the track record of the perma-doomer blogs, I wouldn't bet a fast crash doomer's money on their predictions.
User avatar
Outcast_Searcher
COB
COB
 
Posts: 10142
Joined: Sat 27 Jun 2009, 21:26:42
Location: Central KY

Re: Cyber Attack

Unread postby vtsnowedin » Mon 10 May 2021, 20:21:27

Outcast_Searcher wrote:
vtsnowedin wrote:Hopefully they will trace back and locate the attackers and have Seal team five (six can't go every time) give them a fatal midnight visit. :evil:

If they're, say, in Russia, good luck with that fantasy being reliable. It would be simpler just to drone their HQ, but that isn't happening if the geopolitics don't make that practical.
I acknowledge that that would be a very difficult thing to do but it does need to be done if at all possible.
User avatar
vtsnowedin
Fusion
Fusion
 
Posts: 14897
Joined: Fri 11 Jul 2008, 03:00:00

Re: Cyber Attack

Unread postby mousepad » Tue 11 May 2021, 16:55:19

Outcast_Searcher wrote:And yes, I walk the walk, not just talk it. I'm just a normal private user managing my own data, and I keep MANY copies of my key data files offline,

I'm not sure if it's as simple as back-ups. I believe the real issue is the mess an attack leaves behind. As the ransom attack works its way to encrypt a system, some users are still working, changing, updating files, some users get affected and have their data destroyed sooner, some later. If an attack takes hours to complete the data is in a messed state. Which files are good, which are bad? How far back in the backup do you need to go? What needs to be restored? Which data is lost and needs to be reentered?

I can imagine the mess left behind is much more of a headache than just restoring backups.
mousepad
Tar Sands
Tar Sands
 
Posts: 799
Joined: Thu 26 Sep 2019, 09:07:56

Re: Cyber Attack

Unread postby Newfie » Tue 11 May 2021, 19:23:42

Colonial is a “linear infrastructure”, they own their ROW and their facilities are distributed along same. Back in the 90’s and 00’s all the linear infrastructure outfits (pipelines, rrs, power grids) built out FO lines. Often they just out in conduits and then leased the pipe. Sometimes they got a certain amount of service or some fibers as part of the deal.

When you have a linear infrastructure, say a transit system, with a FO cable then you have the perfect opportunity to have a completely safe control system. There is absolutely no need to connect to the internet.

Most times the Owners in-house data people would require internet connections and thus create vulnerability. At least one client was smart enough to jot do that despite much pressure. Their vulnerability was the control center software. It was supplied by a vendor. The Owner paid to have a dedicated tech local and on call. But the CC vender still wanted a internet connection so that their home office folks could get into the system to make updates, fix bugs, and do maintenance.

For these closed type systems the internet is actually a very poor choice of technology, there are vastly better and more secure ways to do it. I was NEVER able to convince a client to not use the internet. And sometimes for insanely dumb reasons, like adjusting the volume of individual speakers in a large PA system.

TAKE AWAY:
Control system security is achievable, 100%. Getting people to implement it is almost impossible.
User avatar
Newfie
Forum Moderator
Forum Moderator
 
Posts: 18458
Joined: Thu 15 Nov 2007, 04:00:00
Location: Between Canada and Carribean

Re: Cyber Attack

Unread postby mousepad » Tue 11 May 2021, 19:48:39

Newfie wrote:TAKE AWAY:
Control system security is achievable, 100%.


As the old saying goes. Make it 100% secure, make it 100% unusable.
mousepad
Tar Sands
Tar Sands
 
Posts: 799
Joined: Thu 26 Sep 2019, 09:07:56

Re: Cyber Attack

Unread postby Plantagenet » Tue 11 May 2021, 19:58:43

I find it very amusing to see all the supposedly "green" Bidenauts scurrying around desperately trying to reassure everyone that their oil and gas supply will go back to normal.

I thought one of the main goals of the Biden administration was to stop fracking and stop oil leasing and get people out of their cars and off oil and into clean EVs.

And here we are with a minor disruption to a small part of the nation's oil and gas infrastructure and its all hands on deck for the hypocritical Bidenauts to keep the oil flowing.

Do I hear talk from the hypocrite in the White House about how this is an opportunity for people to quit using fossil fuels and switch to EVs? No.

Do I hear talk from the hypocrite in the White House about how its good for the planet when people use less fossil fuels? No.

All I hear is the sound of little tiny hypocritical Joe Biden and his little tiny hypocritical Biden administration screaming in their shrill little tiny voices......"we'll get you your oil! Don't worry about a thing! Forget everything we said about moving away from fossil fuels The oil is coming! Joe Biden will get you all the wonderful wonderful oil you want!"

Image
Is hypocritical Joe Biden using this opportunity to tell people to move off fossil fuels and and switch to EVs? Heck no......Joe Biden is out there blaming the Russians and telling folks not to worry because he's doing everything he can to get that wonderful oil flowing for them again

Cheers!
Never underestimate the ability of Joe Biden to f#@% things up---Barack Obama
-----------------------------------------------------------
Keep running between the raindrops.
User avatar
Plantagenet
Expert
Expert
 
Posts: 26616
Joined: Mon 09 Apr 2007, 03:00:00
Location: Alaska (its much bigger than Texas).

Re: Cyber Attack

Unread postby Newfie » Wed 12 May 2021, 12:30:46

mousepad wrote:
Newfie wrote:TAKE AWAY:
Control system security is achievable, 100%.


As the old saying goes. Make it 100% secure, make it 100% unusable.


No. The usability improves. Maintenance is easier and less required.

Hacking is still possible, but it requires a physical presence to the control computers or their controlled devices.
User avatar
Newfie
Forum Moderator
Forum Moderator
 
Posts: 18458
Joined: Thu 15 Nov 2007, 04:00:00
Location: Between Canada and Carribean

Re: Cyber Attack

Unread postby mousepad » Wed 12 May 2021, 14:00:03

Newfie wrote:
Hacking is still possible, but it requires a physical presence


Yes , I understand. But that makes monitoring and maintenance, data acquisition, data analysis, collaboration all much more cumbersome.
For example, the power plant for the oil fields in Prudhoe Bay is monitored and controller by a guy remotely in Vermont (a colleague of mine).
The guy flies to Prudhoe Bay twice a year, all else is remote. Can't do that if the system is removed from the internet. Just makes it cumbersome.

There's certain installations (like a nuclear missile) I certainly don't want to be seeing connected to the internet. But a pipeline?
mousepad
Tar Sands
Tar Sands
 
Posts: 799
Joined: Thu 26 Sep 2019, 09:07:56

Re: Cyber Attack

Unread postby ROCKMAN » Wed 12 May 2021, 14:27:43

Not sure if the Feds have the authority but as soon as such situations develop there should be a max purchase rule put into effect. I would bet lunch that there is not lack of gasoline/diesel anywhere on the East coast. This happens every time folks panic. Can go back and research the Great Arab Embargo of the 70's. And the BS theories of refineries hiding fuel etc took a year or 2 to finally be trashed. Turned out the was no lack of fuel...except at the gas stations. All that missing fuel was sitting in everyone's cars. Instead of filling once they got low (typically around 1/8 full) folks starting topping off when they got down to 1/2...or more.

Happened last time a big hurricane was heading to Houston. I filled up a few days before. And right before and after it came onshore many topped off and most stations went empty. Even with all the local refineries it didn't help: their tanks were full of fuel. But there are not enough tank trucks here to refill the stations all at once. I would drive to work and see lines of cars blocks long at stations. Some were empty with folks waiting for a tank truck to show up. And a week or so later: all the stations were once again full.

Gasoline does not flow directly from the CP to the gas stations. It's pumped to smaller lines that deliver it to fuel terminals. From there tanks trucks deliver to gas stations. How many terminals? Just a guess but probably dozens...many dozens. Probably many for each of the NE states that receive fuel from the CP. And how many tanks trucks are needed to haul to gas stations? Again a guess but I'm sure thousands...probably many thousands. I bet there are many fuel terminals with gasoline unable to deliver to many stations quickly due to lack of tank trucks.

Same reason stores ran out of TP when pandemic panic shopping kicked in. TP that wasn't delivered to commercial customers did not evaporate. LOL
User avatar
ROCKMAN
Expert
Expert
 
Posts: 11397
Joined: Tue 27 May 2008, 03:00:00
Location: TEXAS

Re: Cyber Attack

Unread postby Outcast_Searcher » Wed 12 May 2021, 14:56:51

mousepad wrote:
Outcast_Searcher wrote:And yes, I walk the walk, not just talk it. I'm just a normal private user managing my own data, and I keep MANY copies of my key data files offline,

I'm not sure if it's as simple as back-ups. I believe the real issue is the mess an attack leaves behind. As the ransom attack works its way to encrypt a system, some users are still working, changing, updating files, some users get affected and have their data destroyed sooner, some later. If an attack takes hours to complete the data is in a messed state. Which files are good, which are bad? How far back in the backup do you need to go? What needs to be restored? Which data is lost and needs to be reentered?

I can imagine the mess left behind is much more of a headache than just restoring backups.

i agree. But for a multi-billion dollar operation, there should be SERIOUS procedures in place that are TESTED and proven to work. Data logs can be kept, and stored offline. Snapshots can be taken regularly, even while systems are running, with only a brief pause, with modern hardware and software, so they could go back X hours in time.

Being a system programmer for complex IBM mainframe database systems for nearly 20 years during my career, ensuring that things like bank credit card systems, ATM's, etc. worked reliably and no data was lost, I do understand that there is a lot of complexity. (And I periodically had fights with multiple levels of management wanting to take shortcuts to "save time and money". And I won every time, when I would demand a letter from them that THEY take ALL responsibility when big Bank X, for example, couldn't get their customer data back, because they refused to let me take a couple of good physical backups before doing a major upgrade "to save time", for example. When push came to shove, they didn't want to bet their jobs on that kind of fiasco, any more than I did.)

OTOH, if the business is CRITICALLY dependent on the data hardware working and the data being right, or if the data is essentially THE WHOLE BUSINESS (like with large banks), the price of just saying "oops" when bad things happen is just way too high.

I have it real easy. I can just choose a quiet time and do full backups whenever I want, and test that the recovery works for my device types, OS types, etc., especially every time I upgrade to a newer level of the backup/cloning software.

OTOH, I'm primarily protecting things for convenience and my tax records, etc. -- NOT some huge complex organization.

If this were all new and just an ugly "SURPRISE", I'd have a different attitude toward the large corporate victims, but this is something re various risks that's now been WELL known, in various forms, for DECADES (like re viruses, trojan horses, stealing sensitive data, etc).

How much corporate incompetence is acceptable? Hell, this is more the kind of thing I'd expect from big government, like when, as I recall, Atlanta got hit in a MAJOR way in 2018. A city like Atlanta should damn well have planned for something like that.

https://www.cbsnews.com/news/atlanta-ra ... s-hostage/

And here we are in mid 2021. :roll:
Given the track record of the perma-doomer blogs, I wouldn't bet a fast crash doomer's money on their predictions.
User avatar
Outcast_Searcher
COB
COB
 
Posts: 10142
Joined: Sat 27 Jun 2009, 21:26:42
Location: Central KY

Re: Cyber Attack

Unread postby evilgenius » Wed 12 May 2021, 15:18:50

Outcast_Searcher wrote:But while the attacks will happen, with assistance from the occasional insider, re bribes, etc, there is NO reason serious businesses can't BACK UP ALL their data EVERY DAY. In fact, if they're running a serious database like DB2, it can log all their data as each database gets updated.

So, there's no reason almost all or even 100% of data can't be recovered and TO HELL with the clowns who are bribing them.

Or even get smart and actually run the main business in a private virtual box, and just use the internet to communicate with the outside world, but NOT let it directly impact the key databases.

And yes, it will cost a bit more, but it makes the increasing rabble of criminals, including blackmailers, pretty much impotent.

I don't feel particularly sorry for supposedly serious businesses that rely on complex computer technology that can't be bothered to look 5 minutes (or 6 months) ahead and actually work to protect themselves.

And yes, I walk the walk, not just talk it. I'm just a normal private user managing my own data, and I keep MANY copies of my key data files offline, including some in a safe deposit box. And I keep multiple copies of my entire hard drive backed up in a cycle, should I get some nasty virus, so I can do a full recovery as easy as replacing 4 screws in 5 minutes. And I keep multiple (inexpensive) laptops ready to go, so failing that, I can still get on the internet, use my banks and brokerages, etc. even if my main computer has a total, say, motherboard failure.

All this protection takes a LITTLE work and roughly $1000 in hardware, including cases, drives, etc.

Given how inefficient government is, do corporations REALLY think that calling the FBI is going to rapidly get all their data back and get their systems operational again? Don't make me laugh.

I totally agree with you. It is either deliberate ignorance of what is necessary everyday, like how a temp agency handles your HR for you, or, if they do get involved, they side with programmers over database design. I mean, it takes both in any real world environment, but database is, by far, the easiest to install at the proper time while developing. The whole idea of development leads that way. You would think that the knowledge of that, and the inherent separation in a well built environment, would lead them right where you say. Damn, people.
People are the weakest link in any system. They can be the strongest. They need to buy in to do that. That usually means creating a lot of new myths. From quarterback eras in football(concrete example), to seeing the world through a design based viewpoint, my design, so to speak, I think we are good at myth making.
Last edited by evilgenius on Wed 12 May 2021, 16:20:42, edited 1 time in total.
User avatar
evilgenius
Intermediate Crude
Intermediate Crude
 
Posts: 3729
Joined: Tue 06 Dec 2005, 04:00:00
Location: Stopped at the Border.

Re: Cyber Attack

Unread postby Outcast_Searcher » Wed 12 May 2021, 15:26:21

ROCKMAN wrote:Not sure if the Feds have the authority but as soon as such situations develop there should be a max purchase rule put into effect. I would bet lunch that there is not lack of gasoline/diesel anywhere on the East coast. This happens every time folks panic. Can go back and research the Great Arab Embargo of the 70's. And the BS theories of refineries hiding fuel etc took a year or 2 to finally be trashed. Turned out the was no lack of fuel...except at the gas stations. All that missing fuel was sitting in everyone's cars. Instead of filling once they got low (typically around 1/8 full) folks starting topping off when they got down to 1/2...or more.

....

Same reason stores ran out of TP when pandemic panic shopping kicked in. TP that wasn't delivered to commercial customers did not evaporate. LOL

I agree in principle, but good luck getting stations to enforce that (or their employees to cooperate, even if corporate management agrees to do that).

It's one thing to do a visual check on how much TP a housewife has in her basket at the grocery store. And still, I can imagine cashiers having to put up with a certain amount of verbal abuse by some customers, even over that.

It's quite another (given the total asshole way many folks behave, including beating on people, shooting people, etc. when employees try to do their jobs re enforcing even mask wearing with just a verbal request, for example), to get gas station cashiers to leave their cage, stick their head in someone's vehicle, and check gasoline levels, etc. That is if you could get the enraged driver to cooperate and turn use the key to show that, etc. Oh, and we're still in a dangerous global pandemic. But even without that -- I'd QUIT before I'd even CONSIDER doing that, given the way people behave. It's not like low cost, low skill jobs aren't still abundant -- and most shouldn't involve gunplay or beatings.

So there's how things should be in a reasonable world, and there's how things ARE, with ugly reality interceding. And I don't think most gas stations want to hire armed gas guard thugs to enforce that, re the cost or the risk of lawsuits, someone getting shot, etc. As a customer, I don't want to be around that even though they wouldn't need guns for dealing with me (a polite request would be just dandy) -- just from the risk of stray asshole-induced gunfire, for example.
Given the track record of the perma-doomer blogs, I wouldn't bet a fast crash doomer's money on their predictions.
User avatar
Outcast_Searcher
COB
COB
 
Posts: 10142
Joined: Sat 27 Jun 2009, 21:26:42
Location: Central KY

Re: Cyber Attack

Unread postby Newfie » Wed 12 May 2021, 17:31:14

mousepad wrote:
Newfie wrote:
Hacking is still possible, but it requires a physical presence


Yes , I understand. But that makes monitoring and maintenance, data acquisition, data analysis, collaboration all much more cumbersome.
For example, the power plant for the oil fields in Prudhoe Bay is monitored and controller by a guy remotely in Vermont (a colleague of mine).
The guy flies to Prudhoe Bay twice a year, all else is remote. Can't do that if the system is removed from the internet. Just makes it cumbersome.

There's certain installations (like a nuclear missile) I certainly don't want to be seeing connected to the internet. But a pipeline?


Yes a pipeline is a perfect candidate for such a solution. I am assuming they have a access to dedicated fibers, not unlikely because they own the ROW and sell access to fiber companies.

Here is how it works. You have hour own fiber so you transmit your data via using a Time Domain technology: a T-1 line and if fancy over SONET. These circuits are very analogous to a copper pair, they travel from point A to B. They can be rerouted but not in the sense that a ethernet data stream is. The data all physically stays on your own fiber cable.

The internet my comparison is more akin to a statistical mux where the data is dynamically routed and passes over many routes. This make tremendous sense when you treat bandwidth as a commodity, you use the least cost routing. And for most users Ethernet is the correct solution. But then you have the security issues because it is being routed God knows where and is accessible to crazies.


Now it is possible to use an ethernet signal and restrain it to a physical path. And that is another way of accomplishing the security. But why go to all the complexity of Ethernet when much simpler mux’s accomplish the same thing?

Yet the glitter is off TDM, it is passee, everyone must use Ethernet for everything.

There is a lot to be said for applying the simplest technology to achieve any given task. But then if everyone adhered to that maxim there wojld be a lot of empty McMansions and more economy cars.
User avatar
Newfie
Forum Moderator
Forum Moderator
 
Posts: 18458
Joined: Thu 15 Nov 2007, 04:00:00
Location: Between Canada and Carribean

Re: Cyber Attack

Unread postby evilgenius » Thu 13 May 2021, 07:07:05

The problem really has something to do with the tech world. Even there the importance of database is underappreciated.

Tech is run by programmers. They think differently than database or system designers. They think everything can be done in code. They love doing really cool stuff in code.

Designers implement those sorts of things in the design of the data itself, though. Done correctly, it means that there is never any reason to expose the database. Also, even if it is, it can be brought back up from a backup.

These sorts of stories are really about poor IT at high levels. That sort of poor IT creates this reliance upon people to cobble together something that faces the threats. You need to train people not to open email attachments and not respond to fishing offers to hook their passwords.

With a design based approach you have to train people too. You have to consider how to discipline your organization to make backups. No system can ever escape its reliance upon people. If that were tried, then people would change and the system would have to follow them anyway. The system is pointed at them. They will always matter.

I think ransomware is a symptom of an IT problem. The problem is that IT actually perceives itself in the same way that the untrained public does, as a code first endeavor. They leave too much room for this sort of thing because they don't want their ability to be heroes taken away from them. It makes them feel special. But design is the answer.
User avatar
evilgenius
Intermediate Crude
Intermediate Crude
 
Posts: 3729
Joined: Tue 06 Dec 2005, 04:00:00
Location: Stopped at the Border.

Re: Cyber Attack

Unread postby Newfie » Thu 13 May 2021, 08:42:33

Evil,

There are multiple levels of problems. I was talking about one on the physical implementation level, you are talking about a different level. Both are operative.

The underlying “problem” is a loss if task focus, not having or meeting a design brief. Being cheap and stupid should not be under estimated either.
User avatar
Newfie
Forum Moderator
Forum Moderator
 
Posts: 18458
Joined: Thu 15 Nov 2007, 04:00:00
Location: Between Canada and Carribean

Re: Cyber Attack

Unread postby ROCKMAN » Thu 13 May 2021, 12:56:03

newfie- Not sure if anyone explained even the very basic nature of the CP. At anyone time the line is pumping different compounds: gasolive, diesel, jet fuel, etc. And there are various entry points and exit points for different components. Obviously lots of computer power monitoring the process in real time. But local valve and pumping operations are run be real folks in real time. Lots of different pumping ops run along those 5,500 miles. And a different pressures. Main reason it takes a while to get the entire system moving at once. Get the pressure timing wrong and segment of the line could rupture. Actually happens from time to time on different lines without "help" from hackers.
User avatar
ROCKMAN
Expert
Expert
 
Posts: 11397
Joined: Tue 27 May 2008, 03:00:00
Location: TEXAS

Re: Cyber Attack

Unread postby Outcast_Searcher » Thu 13 May 2021, 13:11:38

Newfie wrote:Yes a pipeline is a perfect candidate for such a solution. I am assuming they have a access to dedicated fibers, not unlikely because they own the ROW and sell access to fiber companies.

Here is how it works. You have hour own fiber so you transmit your data via using a Time Domain technology: a T-1 line and if fancy over SONET. These circuits are very analogous to a copper pair, they travel from point A to B. They can be rerouted but not in the sense that a ethernet data stream is. The data all physically stays on your own fiber cable.

Yes. I know little about the physics, software, and specific standards behind networking, just being a network user. But re T1 lines as an old and solid alternative solution, that's a great example.

I know damn well that in the IBM mainframe business for DECADES before the internet became much of a thing, that for individual applications needing serious communication bandwidth, we could order T-1 lines and have them installed while an application was being developed. Then they could be tested as the application was tested and in my experience as a user of the T-1 line, they simply always worked. The only issue was it was FAR from free -- there were serious monthly service payments required throughout the lifetime of the use of the T-1 line, and I presume that a minimum service period was required (I didn't handle the accounting end at all). Generally the customer was so very happy to have a viable, FAST, reliable, secure solution at a "reasonable" cost, that they just said "no problem" when the cost was pointed out. (Time is money, and having a private T1 lime could multiply data bandwidth MANYfold. When reliability was paramount, they'd say, "I'll take two at twice the cost". That way when one line was down, they still had half the bandwidth with the other line, and their application kept on trucking.)

Then as security became more of a thing, serious security standards were developed so serious IBM security software like RACF could be easily used to provide a standardized and fully supported way to automatically encrypt / decrypt ALL the data that travelled over the T-1 line. So it was secure AND kept the hell away from easy access via the internet, once the internet became a common thing.

It's not that IN ANY WAY these things "can't be done" without the internet. It's that it costs more, takes serious planning ahead and minimal cost commitment, etc.

And of course, this is all BEYOND backing up one's important data, since physical device failures, software problems, inside jobs re planting malware like trojan horses, viruses, etc. is a threat, etc. -- so keeping additional copies safe and AWAY from the active systems should STILL be very much "a thing" for any serious business which critical reliance on their data to function.

...

It would be nice to live in a world where everything could be a turnkey operation and would always work fine. All problems solved. We live in a world VERY far from that, despite the fact that we no longer find sabre toothed tigers in our cave on occasion. Different times, different types of risks.
Given the track record of the perma-doomer blogs, I wouldn't bet a fast crash doomer's money on their predictions.
User avatar
Outcast_Searcher
COB
COB
 
Posts: 10142
Joined: Sat 27 Jun 2009, 21:26:42
Location: Central KY

Next

Return to Peak Oil Discussion

Who is online

Users browsing this forum: No registered users and 67 guests