Fill them gas tanks up TODAY or the price just might be $1 higher next week

As an IT professional, I have some thoughts....
1. Why Colonial Pipeline would have systems that control the pipeline connected to the internet or the same network as other internet-connected systems is beyond me. The control systems should be completely disconnected from the internet.
2. Clearly their disaster recovery plan needs to be looked at. They should have had full frequent backups along with a plan to recover systems more quickly.
3. I get that #1 and #2 are difficult and cost more money but we're talking about a crucial pipeline, not a mom and pop small business.

I'll also admit that I'm guilty of paying a hacker in a similar situation many years ago. About a month after I started my current job, our Executive Director opened an email attachment that contained a virus. It encrypted all the documents on her computer as well as all the files on our file server. I was able to recover the file server from a backup in about 4 hours but the files on her desktop were not backed up (everyone had been told frequently to store all files on the file server so there shouldn't have been any documents on her PC anyway). Unfortunately, she needed some of the files so she asked me to go through with paying the hacker. In this case, it was only $500. I had to go to a Walgreens and buy one of those cash cards and enter the card info into the encryption app. About an hour later, the program automatically started decrypting her files. Fortunately, now we have multiple levels of antivirus protection so the chances of this happening now are much less.
 
cptlo said:
As an IT professional, I have some thoughts....
1. Why Colonial Pipeline would have systems that control the pipeline connected to the internet or the same network as other internet-connected systems is beyond me. The control systems should be completely disconnected from the internet.
2. Clearly their disaster recovery plan needs to be looked at. They should have had full frequent backups along with a plan to recover systems more quickly.
3. I get that #1 and #2 are difficult and cost more money but we're talking about a crucial pipeline, not a mom and pop small business.

I'll also admit that I'm guilty of paying a hacker in a similar situation many years ago. About a month after I started my current job, our Executive Director opened an email attachment that contained a virus. It encrypted all the documents on her computer as well as all the files on our file server. I was able to recover the file server from a backup in about 4 hours but the files on her desktop were not backed up (everyone had been told frequently to store all files on the file server so there shouldn't have been any documents on her PC anyway). Unfortunately, she needed some of the files so she asked me to go through with paying the hacker. In this case, it was only $500. I had to go to a Walgreens and buy one of those cash cards and enter the card info into the encryption app. About an hour later, the program automatically started decrypting her files. Fortunately, now we have multiple levels of antivirus protection so the chances of this happening now are much less.
Click to expand...
I feel the same way, but usually it is what we didn't think to protect, like the wi-fi in at employees homes or mobile devices. These things make life simpler, but are fraught with security issues. Any hacker that can eaves drop on your wi-fi can eventually break down the encryption. Some companies are too quick to latch onto new technology for speed and convenience without thinking of security.
If you have something which must be secure, start with the basics, then stay there!
 
Boss 302 said:
I saw on the news it was tracked back to Russia. If they can track it to Russia, then they can track it to the location it was done from. If that location is a government facility or the home of a government employee; then hit them with some tough sanctions. If it wasn't their government or a government employee; hit them with tough sanctions while telling them they better start arresting those we identify and try them.
Click to expand...
Sanctions my arse, a nice close-up visit in the middle of night while asleep would be much better.
 
Here's a thought from a dumbass redneck from Georgia (Stonewall). Don't rely on technology to the point that it cannot be manually over ridden by actual flesh and blood humans. I have been working around (Obama rigging) automation my whole career. There ain't nothing electrically controlled that I can't make run (as long as it is functionally sound). Pumps and valves should not be rendered useless because someone hacked a damn server. They can make it sound like rocket science but it is mechanical pumps and valves that deliver the product. Freaking nerds.
 
obviously, cars and fossil-fuels are sooooo 20th century.

it's time that we all start commuting and running our errands by small, individual dirigibles.



( I'm an environmentalist, I damn sure am. )
 
cptlo said:
As an IT professional, I have some thoughts....
1. Why Colonial Pipeline would have systems that control the pipeline connected to the internet or the same network as other internet-connected systems is beyond me. The control systems should be completely disconnected from the internet.
2. Clearly their disaster recovery plan needs to be looked at. They should have had full frequent backups along with a plan to recover systems more quickly.
3. I get that #1 and #2 are difficult and cost more money but we're talking about a crucial pipeline, not a mom and pop small business.

I'll also admit that I'm guilty of paying a hacker in a similar situation many years ago. About a month after I started my current job, our Executive Director opened an email attachment that contained a virus. It encrypted all the documents on her computer as well as all the files on our file server. I was able to recover the file server from a backup in about 4 hours but the files on her desktop were not backed up (everyone had been told frequently to store all files on the file server so there shouldn't have been any documents on her PC anyway). Unfortunately, she needed some of the files so she asked me to go through with paying the hacker. In this case, it was only $500. I had to go to a Walgreens and buy one of those cash cards and enter the card info into the encryption app. About an hour later, the program automatically started decrypting her files. Fortunately, now we have multiple levels of antivirus protection so the chances of this happening now are much less.
Click to expand...
The military uses three different internet-connected systems: NIPRNet (non-secure communications), SIPRNet (classified Secret information), JWICS (Classified Top Secret information). On NIPRNet, you can access everything you can on the Internet you use, but Army does have filters in place that prevent personnel from accessing any sites that are commonly used for spreading viruses. SIPR and JWICS are secure systems that cannot be accessed from the Internet.

I agree with you cptlo that the companies running pipelines should be on their own secure system. All municipalities' water/sewerage systems; all power grids; and financial institutions and systems should also be on their own secure systems. The hacking of the pipeline proved having secured systems are worth the financial investment. Just imagine if a hacker got control of power grids.
 
I bet they just say it was Russia because it fits the Trump Bad Orange man narrative... I predict they are not motivated enough to find out who really hacked it.
 
Far West said:
I bet they just say it was Russia because it fits the Trump Bad Orange man narrative... I predict they are not motivated enough to find out who really hacked it.
Click to expand...
I don't know because this kind of thing never happened on Trump's watch, but now it's happened on Biden's. What does that say about Biden when it comes to cyber security.
 
J-man said:
Btw, I was pleasantly surprised that gasoline was available at each station we stopped at this weekend. One station was out of premium and some stations forced you to prepay or had dollar limits, but it was available.
Click to expand...
I think one thing we learned with shortages and hoarding this pandemic, was to put in purchasing limits so that an "ass hat" can't buy everything on the shelf, or in this case fill up every 5 gallon gas can they brought with them and their two 35 gallon tanks in their dually.

We might be back to the 70's filling up your car based the number your license plate ends on - odd or even days...
 
How many remember that the government had designed and I think even printed up gas rationing coupons before the embargo stopped. I wonder if they are still in a warehouse somewhere?

The govt ended up shredding and burying them:

In June 1984 the Energy Department was about to shred and bury 4.8 billion of the gasoline rationing coupons at the Pueblo Army Depot in Pueblo, CO. According to former National Philatelic Collection curator James H. Bruns, the Department of the Treasury contacted John Fleckner, Chief Archivist of the National Museum of American History, to ask if the Smithsonian Institution would like to keep a sample. Fleckner approached Bruns, who agreed. The transfer was made on September 6, 1984 from the Department of Energy’s Idaho office.3 The National Philatelic Collection became the repository of the coupons since these were initially presumed to be rationing stamps like those of World War II. Another multiple of coupons was sent to the National Archives. The Bureau of Engraving and Printing has three multiples and at least three examples are known to be in private collections at this time.
 
Last edited:
You must log in or register to reply here.
Back
Top