There was a lot of good information this week on the internet that I did not have a chance to write about in the blog.
Chemical Disaster Recovery
An article over at Manufacturing.Net describes what was done to bring a chemical plant back on line in Tallulah, LA after it was hit by an EF-3 tornado in 2010. Effective disaster recovery requires some for thought before the disaster. This is a good look at some of the issues that came up. This would be a good topic for a chemical facility business case study.
This article from USAToday.com would be good pre-hearing reading for anyone that will be watching the House Homeland Security Committee hearing this week on the current status of al Quaeda. Far from dead, but certainly changing this group will continue to be a terrorist threat to our country and its interests.
Crude Oil Trains
While we were watching the water system train wreck in West Virginia, there was another crude oil train wreck in Canada. This brief article describes the out of the way that did much more damage than the leaking tank at Freedom Industries, but affected fewer people because of it’s isolated location in New Burnswick, Canada.
This brief article describes a recent letter from Senators Heitkamp (D,ND) and Hoeven (R,ND) asking the FRA to look at the quality of the rail lines near Casselton, ND, noting that the recent crude train derailment there was the fourth derailment in the general area in 9 years; a real impressive safety record (SARCASM Alert). A separate letter from Senators Rockefeller (D,WV) and Wyden (D,OR) to the FRA and the Department of Energy asked for ‘quick action’ on crude train safety.
Sen. Shumer added his voice to the mix encouraging PHMSA to move quickly on its DOT 111 car rulemaking effort. North Dakota Governor Dalyrmple also got involved in the discussion, meeting with BNSF CEO to discuss their latest train wreck.
Cyber Terror Threats
This is an odd note purportedly from a terrorist group that claims responsibility for a recent physical attack on an electrical sub-station in California. It describes the attack as part of a series of exercises using ‘cyber/kinetic vectors’. No proof, just claims, but it does add an odd name to the already long list of ‘odd names’ (from an American perspective any way) associated with jihadist groups, Parastoo.
As a chemist I get unusually agitated when I hear the claim ‘chemical free’. I ran across this JPG file showing the chemicals in an organic, ‘chemical free’ banana. I love it. Unfortunately, I don’t know where it originated.
Cyber Attack Threat
The ICS-CERT web page has a section dedicated to informative articles that pertain to control system security issues. There are not many articles listed and there connection to control systems is frequently tenuous at best. The latest is a link to a DefenseOne.com article about a recent poll that listed the threat of cyber attack as the biggest threat to national security. It is rated as a higher threat than terrorism (#2 but trying harder). I guess that would make a terrorist cyber attack really bad.
Water Facility Cybersecurity
I ran across this old Automation.ISA.org article (ancient stuff from November 2013) about cybersecurity at water treatment facilities while I was looking for information about the Freedom Chemical Leak situation. I missed it the first time around and this is just an excerpt from the longer article.
With the 2014 flu season in full swing in the United States it is always good to remember that natural disasters come in all sizes. This is a brief article from FocusTaiwan.tw about recent mutations in the H7N9 flu virus that allow it to attach to the upper respiratory tract, making it much more likely to be spreadable amongst human kind instead of just birds. Flu is always worth watching closely.
The last swine flu epidemic was made worse according to the HomeLandSecurityNewswire.com article that claimed over emphasis on bioterrorism took money away from critical research about the spread of the flu. That may be a bit of an exaggeration, but bioterrorism certainly got more political press.
The End of XP
The April 8th death of Windows XP (or at least the end of Windows support for the ancient operating system) will provide a whole slew of problems for many existing control systems based upon computers running that OS. This article outlines some of the risks of not migrating to a newer OS. Of course if you are just now considering your options you are a bit behind the curve, but better late than never.
Delay as Cybersecurity Measure
Everyone knows (or should) that any system can be broken into given enough time and resources. This article at SCMagazine.com looks at how much time most hackers are willing to spend breaking into a system. The data indicates that most hacks can be prevented if you put enough stuff in the way of the hacker. They just give up and move on to an easier target. Of course, if they really want you, they can own you.
Takes from TWITTER
Click on first link to see the TWEET; follow me at http://twitter.com/pjcoyle -
@pjcoyle Confirmed! Crop Circle Mystery Solved http://www.nbcbayarea.com/news/local/Confirmed-Crop-Circle-Mystery-Solved-238797861.html …
@jwgoerlich Reading: The Internet of Things Is Wildly Insecure — And Often Unpatchable. http://feeds.wired.com/c/35185/f/661370/s/358d8c2f/sc/15/l/0L0Swired0N0Copinion0C20A140C0A10Ctheres0Eno0Egood0Eway0Eto0Epatch0Ethe0Einternet0Eof0Ethings0Eand0Ethats0Ea0Ehuge0Eproblem0C/story01.htm …
@pjcoyle RT @intel17h Are cars the ultimate mobile device? Auto tech at #CES2014 - http://intel.ly/1cxne2S - PJC And nary a mention of security!
@PatrickCMiller Radware Predicts Critical Infrastructure Outages, Encryption as Mass Weapon and First-Ever SDN Attacks in 2014 | http://j.mp/1hqtK3K
@pjcoyle @jwgoerlich Thanks for pointing to 10 Immutable Laws of Security - http://technet.microsoft.com/library/cc722487.aspx … - Good things to remember
@pjcoyle Oil and gas drilling pollutes well water, states confirm http://nbcnews.to/1eBx3jv via PJC Headline exaggerates important data
@pjcoyle The benefits challenges of self-driving cars - http://tinyurl.com/lpzo5qt - PJC - Interesting cost benefit analysis - Security ignored -
@pjcoyle @i_defender "platform that's already familiar to drivers and developers alike" and hackers too
@pjcoyle Ohio police: Man stopped for speeding had 48 bombs http://wapo.st/1lN1pCf PJC - But terrorist have to get theirs from FBI informants???
@pjcoyle Success! SpaceShipTwo hits new heights during rocket test http://www.nbcnews.com/science/liftoff-spaceshiptwo-celebrates-new-year-test-flight-2D11767010 … - PJC Another step to commercial space flight -