Re: colonial pipeline [windywave] [ In reply to ]
windywave wrote:
gofigure wrote:
Nutella wrote:
I understand the primary reason they shut down the pipeline is that they were unable to bill customers.

I consider you to be a reliable source and not a fanatic crap shooter. If the above has some truth I am only more intrigued. There is a capitalist/business/it's all about the viability of our profit stench to this. An odor somewhat like that of the public utility freezing fiasco down in Texas earlier.

$5Million paid but why was the pipe closed? If the bad guys were actually Robin Hood "good guys only looking for money then how unsafe was continued operations?

More questions than answers so far.

FFS. Your questioning is Barry level. If the bad guys are in your system you shut it all down. Not that hard.

That's just it windy, exactly what system are they in? Are they in the system that runs the pumps and tanks and sensors such that they can run it remotely or that you can not do same? Or are they in your system that has sensitive business data?

I'll try hard to limit my inquisition below the Barry level for your sake though. I did preface the thread self Id'ing as an old codger so a little slack please and respect for your elders. I don't want to have to get up out of my rocker and chase you off my lawn, but .........
Re: colonial pipeline [gofigure] [ In reply to ]
gofigure wrote:
windywave wrote:
gofigure wrote:
Nutella wrote:
I understand the primary reason they shut down the pipeline is that they were unable to bill customers.

I consider you to be a reliable source and not a fanatic crap shooter. If the above has some truth I am only more intrigued. There is a capitalist/business/it's all about the viability of our profit stench to this. An odor somewhat like that of the public utility freezing fiasco down in Texas earlier.

$5Million paid but why was the pipe closed? If the bad guys were actually Robin Hood "good guys only looking for money then how unsafe was continued operations?

More questions than answers so far.

FFS. Your questioning is Barry level. If the bad guys are in your system you shut it all down. Not that hard.

That's just it windy, exactly what system are they in? Are they in the system that runs the pumps and tanks and sensors such that they can run it remotely or that you can not do same? Or are they in your system that has sensitive business data?

I'll try hard to limit my inquisition below the Barry level for your sake though. I did preface the thread self Id'ing as an old codger so a little slack please and respect for your elders. I don't want to have to get up out of my rocker and chase you off my lawn, but .........

If they are in one system you have to assume they're in all of them. You shut it all down and go to bare metal aka start from scratch with your backups. That's the prudent thing to do.

Slack granted and I apologize, it was more of a drive by at Barry anyway ;)
Re: colonial pipeline [gofigure] [ In reply to ]
gofigure wrote:
Nutella wrote:
I understand the primary reason they shut down the pipeline is that they were unable to bill customers.


I consider you to be a reliable source and not a fanatic crap shooter. If the above has some truth I am only more intrigued. There is a capitalist/business/it's all about the viability of our profit stench to this. An odor somewhat like that of the public utility freezing fiasco down in Texas earlier.

$5Million paid but why was the pipe closed? If the bad guys were actually Robin Hood "good guys only looking for money then how unsafe was continued operations?

More questions than answers so far.


It was confirmed on CNN. Kim is a very legit reporter on cyber security issues. She has been on that beat for decades.

https://twitter.com/...923544753872896?s=20

Edit: NYT also confirmed it

https://www.nytimes.com/2021/05/13/technology/colonial-pipeline-ransom.html

Quote:
because it had no way to bill customers with its business and accounting networks offline.

Last edited by: Nutella: May 14, 21 5:48
Re: colonial pipeline [windywave] [ In reply to ]
I guess the codger in me is haunted by life growing up without computers. It is a bugaboo that I can't seem to shake. While computers and systems they run make life better, easier, simpler, more efficient, safer, cheaper---the wondrous list of good that the miracle of modern day computing brings is near endless, our response to these attacks keeps pointing to the inevitable conclusion that we can no longer get by without another computer fixing the hacked computer.

Our response causes me to ask only, could not one of our responses be just to set aside the remote computer controlled system and have our team just run it in manual? You know the way life was before computers. I see no evidence of an intent or even the capability so far to do this here. I hope to become informed as to why.

"Shut it down and start from scratch with your backups". Why can't scratch be without a computer? I can make sense of the evolution of finances and banking and the complete reliance on computers both to operate and to counter the cyber attack involved there and how we have gone from "wiring" funds across the globe to "clicking" funds from account to account. What I can't make sense of here is that the physical task of moving fluid through a pipe from tank to tank can not be done without a computer. Are we that impotent? It is not like the hacker stole the gas.

It helps to scream at the kids on the lawn on occasion. Thanks for your indulgence.
Re: colonial pipeline [gofigure] [ In reply to ]
gofigure wrote:
I guess the codger in me is haunted by life growing up without computers. It is a bugaboo that I can't seem to shake. While computers and systems they run make life better, easier, simpler, more efficient, safer, cheaper---the wondrous list of good that the miracle of modern day computing brings is near endless, our response to these attacks keeps pointing to the inevitable conclusion that we can no longer get by without another computer fixing the hacked computer.

Our response causes me to ask only, could not one of our responses be just to set aside the remote computer controlled system and have our team just run it in manual? You know the way life was before computers. I see no evidence of an intent or even the capability so far to do this here. I hope to become informed as to why.

"Shut it down and start from scratch with your backups". Why can't scratch be without a computer? I can make sense of the evolution of finances and banking and the complete reliance on computers both to operate and to counter the cyber attack involved there and how we have gone from "wiring" funds across the globe to "clicking" funds from account to account. What I can't make sense of here is that the physical task of moving fluid through a pipe from tank to tank can not be done without a computer. Are we that impotent? It is not like the hacker stole the gas.

It helps to scream at the kids on the lawn on occasion. Thanks for your indulgence.

I’ll only add that working in IT for 25 years has taught me that a lot of management don’t prioritize cyber security. They will give it lip service in a meeting or agree when it’s pointed out but push comes to shove they don’t like dedicating resources to it.
Re: colonial pipeline [Nutella] [ In reply to ]
Nutella wrote:
gofigure wrote:
Nutella wrote:
I understand the primary reason they shut down the pipeline is that they were unable to bill customers.


I consider you to be a reliable source and not a fanatic crap shooter. If the above has some truth I am only more intrigued. There is a capitalist/business/it's all about the viability of our profit stench to this. An odor somewhat like that of the public utility freezing fiasco down in Texas earlier.

$5Million paid but why was the pipe closed? If the bad guys were actually Robin Hood "good guys only looking for money then how unsafe was continued operations?

More questions than answers so far.


It was confirmed on CNN. Kim is a very legit reporter on cyber security issues. She has been on that beat for decades.

https://twitter.com/...923544753872896?s=20

Edit: NYT also confirmed it

https://www.nytimes.com/2021/05/13/technology/colonial-pipeline-ransom.html

Quote:
because it had no way to bill customers with its business and accounting networks offline.

Not at all knowledgeable about business, but let me try. Accounting goes offline. Step 1: open a drawer, pull out a ledger book, make entries such as date, amount, to whom, and cost. At the end of the billing period, step 2: pull out ledger, type up a bill and put it in the mail box.

So we had this fiasco because bookkeeping was not backed up? Tell me it's not so Joe!
Re: colonial pipeline [gofigure] [ In reply to ]
gofigure wrote:
Nutella wrote:
gofigure wrote:
Nutella wrote:
I understand the primary reason they shut down the pipeline is that they were unable to bill customers.


I consider you to be a reliable source and not a fanatic crap shooter. If the above has some truth I am only more intrigued. There is a capitalist/business/it's all about the viability of our profit stench to this. An odor somewhat like that of the public utility freezing fiasco down in Texas earlier.

$5Million paid but why was the pipe closed? If the bad guys were actually Robin Hood "good guys only looking for money then how unsafe was continued operations?

More questions than answers so far.


It was confirmed on CNN. Kim is a very legit reporter on cyber security issues. She has been on that beat for decades.

https://twitter.com/...923544753872896?s=20

Edit: NYT also confirmed it

https://www.nytimes.com/2021/05/13/technology/colonial-pipeline-ransom.html

Quote:
because it had no way to bill customers with its business and accounting networks offline.

Not at all knowledgeable about business, but let me try. Accounting goes offline. Step 1: open a drawer, pull out a ledger book, make entries such as date, amount, to whom, and cost. At the end of the billing period, step 2: pull out ledger, type up a bill and put it in the mail box.

So we had this fiasco because bookkeeping was not backed up? Tell me it's not so Joe!

You're thinking strictly from an operational standpoint and not security.

Could they manually do accounting sure. Could they manually run the pipeline eventually, sure with increased risk since the automated portions and sensors would be offline.

But knowing someone is inside your system and the systems are linked (or even if they're not since you don't know how they got in) you're not running your pipeline that could cause severe environmental or economic damage if the hackers over-pressurized it or somehow caused a rupture or spill.

What's worse PR, a bunch of whining anti-capitalists who hate pipelines to begin complaining about how the greedy pipeline company didn't run the pipeline because they couldn't bill, or millions of gallons of petroleum being spilled into a river or a pipeline blowing up?
Re: colonial pipeline [windywave] [ In reply to ]
windywave wrote:

Could they manually do accounting sure. Could they manually run the pipeline eventually, sure with increased risk since the automated portions and sensors would be offline.


I love how no matter what topic comes up in the LR, you pretend to be an expert at it. Quite the renaissance man.
Last edited by: trail: May 14, 21 7:22
Re: colonial pipeline [windywave] [ In reply to ]
...related question in general....

How is the $5M ransom paid? I assume that's electronically to some account number in the Caymans, or Switzerland or something. Surely it's not $5M in a duffel bag of cash to be brought somewhere. So with all the super-connected tech these days, couldn't the deposits and withdrawals be traced? We know a deposit is to be made and when. So monitor the receiving account for movement.... and nab the bad guys. Easy, no?

*Even if banks have super privacy policies, surely there should be exceptions for obviously criminal activity.

(I suppose I could google "how to launder ransomware payments", but not sure I want that in my search history).
Re: colonial pipeline [40-Tude] [ In reply to ]
40-Tude wrote:
...related question in general....

How is the $5M ransom paid? I assume that's electronically to some account number in the Caymans, or Switzerland or something. Surely it's not $5M in a duffel bag of cash to be brought somewhere. So with all the super-connected tech these days, couldn't the deposits and withdrawals be traced? We know a deposit is to be made and when. So monitor the receiving account for movement.... and nab the bad guys. Easy, no?

*Even if banks have super privacy policies, surely there should be exceptions for obviously criminal activity.

(I suppose I could google "how to launder ransomware payments", but not sure I want that in my search history).

They paid in bitcoin.

Some of the mainstream media coverage has referred to bitcoin as "untraceable." Which is incorrect. It's very traceable. Bitcoin transactions go to a public "ledger." The blockchain. That transparency is part of the whole innovation of bitcoin.

The "identity" stored in the blockchain is just a wallet address. The translation of that address to a real person or entity is done via the bitcoin "wallet" services. I know very little about it, but presumably there are bitcoin wallet services that cater to illegal activities by fiercely protecting that translation and catering to money launderers.
Re: colonial pipeline [trail] [ In reply to ]
trail wrote:
windywave wrote:

Could they manually do accounting sure. Could they manually run the pipeline eventually, sure with increased risk since the automated portions and sensors would be offline.


I love how no matter what topic comes up in the LR, you pretend to be an expert at it. Quite the renaissance man.

Not every topic but energy transportation goes part and parcel with energy trading. I also am somewhat familiar with Stockards for cattle grain shipping and much more so with metals storage and leasing.

My IT security information in here is just parroting what I get from our folks who are very good at their job and a little interpolation.
Re: colonial pipeline [40-Tude] [ In reply to ]
40-Tude wrote:
...related question in general....

How is the $5M ransom paid? I assume that's electronically to some account number in the Caymans, or Switzerland or something. Surely it's not $5M in a duffel bag of cash to be brought somewhere. So with all the super-connected tech these days, couldn't the deposits and withdrawals be traced? We know a deposit is to be made and when. So monitor the receiving account for movement.... and nab the bad guys. Easy, no?

*Even if banks have super privacy policies, surely there should be exceptions for obviously criminal activity.

(I suppose I could google "how to launder ransomware payments", but not sure I want that in my search history).

According to the newspapers.... bitcoin
Re: colonial pipeline [windywave] [ In reply to ]
windywave wrote:
gofigure wrote:
Nutella wrote:
gofigure wrote:
Nutella wrote:
I understand the primary reason they shut down the pipeline is that they were unable to bill customers.


I consider you to be a reliable source and not a fanatic crap shooter. If the above has some truth I am only more intrigued. There is a capitalist/business/it's all about the viability of our profit stench to this. An odor somewhat like that of the public utility freezing fiasco down in Texas earlier.

$5Million paid but why was the pipe closed? If the bad guys were actually Robin Hood "good guys only looking for money then how unsafe was continued operations?

More questions than answers so far.


It was confirmed on CNN. Kim is a very legit reporter on cyber security issues. She has been on that beat for decades.

https://twitter.com/...923544753872896?s=20

Edit: NYT also confirmed it

https://www.nytimes.com/2021/05/13/technology/colonial-pipeline-ransom.html

Quote:
because it had no way to bill customers with its business and accounting networks offline.

Not at all knowledgeable about business, but let me try. Accounting goes offline. Step 1: open a drawer, pull out a ledger book, make entries such as date, amount, to whom, and cost. At the end of the billing period, step 2: pull out ledger, type up a bill and put it in the mail box.

So we had this fiasco because bookkeeping was not backed up? Tell me it's not so Joe!

You're thinking strictly from an operational standpoint and not security.

Could they manually do accounting sure. Could they manually run the pipeline eventually, sure with increased risk since the automated portions and sensors would be offline.

But knowing someone is inside your system and the systems are linked (or even if they're not since you don't know how they got in) you're not running your pipeline that could cause severe environmental or economic damage if the hackers over-pressurized it or somehow caused a rupture or spill.

What's worse PR, a bunch of whining anti-capitalists who hate pipelines to begin complaining about how the greedy pipeline company didn't run the pipeline because they couldn't bill, or millions of gallons of petroleum being spilled into a river or a pipeline blowing up?

You and I are both dealing in a bit of conjecture here. I for one am in way over my head but that hasn't stopped me before.

That said, in the pursuit of the wouldas and couldas and options not taken, at what risk does manual ops present over automatic? Normal operation per annum shows how many remotely sensored alerts and how often did they alert that then caused system shutdowns or automatic workarounds. Or how much more real is the possibility of accidental discharging if operated in a manual mode? More importantly, does Colonial even have an Emergency Plan that spells out a manual operation and have they practiced it?

As for PR, I say a ballsy but measured response would be to move seamlessly to a manual mode, alert the governments, fed and state, so the government Cyber boys get to work on your problem. Tell your clients of the hack and assuming you and they have no sensitive or personal problem with skeletons in closet within that data, you then beat your chest proudly braying to the hackers and the public that you will not be beaten and look here our gasoline continues to flow and we will not be bullied or defeated or held for ransom. That could be good PR too, isn't that right Tom. The NYT and FOX would both run with that story, the crooked foreign hackers tried but they didn't shut us down.

I think if you were the CEO of Colonial and you had confidence in your team, flipping the bird to the hackers tack might have an appeal to it. You had us going to war in the gulf a few days back, taking on the greens and showing them we can pump without spilling, all the while telling the hacks that they can have that useless IT system data for free and you are moving on with a different and more secure network is just a walk in the park.

Quiet idle day at home for me is a fine devil's workshop. Not quite Barry level but working to get there.
Re: colonial pipeline [gofigure] [ In reply to ]
https://us-cert.cisa.gov/ncas/alerts/

aa20-Alert (AA20-049A)
Ransomware Impacting Pipeline Operations
Original release date: February 18, 2020 | Last revised: October 24, 2020


Damned the government regulation of our industries (pink). Just leave us alone, we won't harm the environment, we will sell our products at a fair price. Once the mantra of the GOP and both big and small business owners.

The above link was an alert published and updated in the year 2020 by CISA, Cybersecurity and Infrastructure Security Agency.

These guys are the federal government and they really are there to help. If only the Colonial folks had read this alert and took action.