As has been the case quite a bit this year, once again we are in the realm of SCADA/Control System security. William Rush of the Gas Technology Institute states it plainly, if somewhat dramatically:
Anyone can blow up a gas pipeline with dynamite. But with this stolen information, if I wanted to blow up not one, but 1,000 compressor stations, I could,” he adds. “I could put the attack vectors in place, let them sit there for years, and set them all off at the same time. I don’t have to worry about getting people physically in place to do the job, I just pull the trigger with one mouse click.There are no NERC CIPs for the gas industry, but with 25-30% of US electric power and a whole lot of home heating coming from gas, it's time to get moving on better securing this infrastructure.
Pipeline operators, now alerted to the fact that sensitive access control information to important subsystems is in the hands of folks outside the industry (and outside the country it seems), need to get moving. And I'm sure they will, but it's a BIG job.
The whole Christian Science Monitor article is HERE.
Photo credit: War News Updates