OT: Gas Craziness 2021

[ripvanrando]

Isn't the electrical grid much more decentralized and therefore less susceptible to a hacker than a single pipeline.

We're not all screwed if they access the electrical grid. Many people have taken the precautions to have backup power such as generators, solar panels, battery storage systems, wind, etc.

Having lived thru several multiweek outages, a minimal backup makes sense for me even if it is to keep the radiant heat pumps flowing to keep the house warm, a few lights, and keep the Fridge and freezers going. It really does not take much. If you want to A/C, different ball of wax.

[benb]

Most of what I've heard is the pipeline itself was well insulated from the attack.

The ransomware took over the windows computers at the pipeline company's HQ and they shut down service more over their inability to process/fulfill orders and run billing.

Shutting down control systems connected to the network in an infrastructure system is much much harder than hacking windows machines.

There's a lot of buzz about control systems being vulnerable and having poor security but it's still much much harder to hack them.

The hackers have to know what specialized systems are in place in an infrastructure system and then gain access to those systems, and it might be hard for someone overseas to buy them due to export controls.

Whereas they can just assume Windows is going to be present, and everyone has access to Windows, and there's this global tsunami of hackers/crackers sharing everything about Windows and all the vulnerabilities, etc..

Stuxnet style hacks are vastly more scary but that is an entirely different level of sophistication to pull that off... we have still only seen the NSA and/or Mossad pull off that type of attack.

Chinese/Russian hackers with government backing will certainly be able to do that kind of stuff but it requires real money getting the hardware in question into a lab and then doing real security research on it, then setting up multi-stage attacks to get access to the network first through say the Windows machines and then move into the control systems. It can take multiple hacks over years, they might need to hack in first and install surveillance hacks, use that to gather data on what's inside the network, then acquire the specialized hardware in question and begin to hack it. These Windows hacks we typically see are literally things a teenager can do for free in their parents basements.

The hacks against Iran involved the US and/or Israel doing multi-stage hacks over years:

- Hack into the nuclear program
- Collect data on what kinds of systems the Iranians were using to control centrifuges
- Buy Siemens centrifuge systems and do security research on them
- Write a hack for Windows that could take over systems, check if they were connect to siemens systems, and then have the windows hack deliver a Siemens hack to the siemens hardware
- Then trigger the damage to the siemens hardware

You would need to do a similar set of steps to actually make a pipeline explode or an electrical control system overload. And if the system attached to the pipeline/grid was well designed it might have software controls in place that won't even allow a command to do physical damage.

In the case of the Stuxnet hack IIRC the US/Israel even made the hack download a hacked firmware update into the centrifuge controllers that lifted limits on controls that Siemens had put into to keep the computer from being able to break the centrifuges.

[Red Tornado]

Quote:

Originally Posted by oldpotatoe

POY
Post Of Yesterday.

Funny(like funny strange) to see ALL those people rushing to buy a GBT, Great Big Truck. Auto makers love it cuz they make more money per on them. Not 'bad' mileage on these, BUT, might sting a bit when gas goes to $5 per or so.

The US driver has gotten lazy(what a surprise)...with 'cheap' gas. Gas in Europe is twice(+?) what it is in the US.

Used to work for an Italian company. Last time I was over there (mid-2003) IIRC fuel was 1,25 Euros per litre. So, in today's money, roughly $6 per gallon. I'd bet the "per litre" price has gone up since then, though.

[Clean39T]

Quote:

Originally Posted by ripvanrando

Isn't the electrical grid much more decentralized and therefore less susceptible to a hacker than a single pipeline.

We're not all screwed if they access the electrical grid. Many people have taken the precautions to have backup power such as generators, solar panels, battery storage systems, wind, etc.

Cybersecurity has been a priority for the North American Electric Reliability Council (NERC) for years.

Recent activity has only increased the attention paid: https://www.washingtonpost.com/polit...cybersecurity/ and https://thehill.com/opinion/cybersec...-not-a-panacea

The grid is both decentralized in that there are hundreds of companies in each region of the US responsible for keeping the lights on - and incredibly centralized in that any significant degradation in frequency caused by the loss of a large generator or transmission line can bring the whole system down if protocols are not followed to a T. You don't have to go back very far to see how a small disturbance or mistake in one area can have huge impacts further down the line. https://en.wikipedia.org/wiki/2011_Southwest_blackout or https://en.wikipedia.org/wiki/Northe...ackout_of_2003.

[ERK55]

Quote:

Originally Posted by Red Tornado

Used to work for an Italian company. Last time I was over there (mid-2003) IIRC fuel was 1,25 Euros per litre. So, in today's money, roughly $6 per gallon. I'd bet the "per litre" price has gone up since then, though.

Gas price in Italy was ~ $5/gallon when I lived there in 1978. That’s 43 years ago.

[bking]

I think as unfortunate as the actions of the lady with a bag of gas, the one on the end of the camera. It's obvious this lady needed some help. Perhaps it would have come to no good, but someone should have tried as chances were good that the woman, or at least the car, doesn't make it all the way home that day.
We whip out cameras now rather than reach out.

[Clean39T]

Quote:

Originally Posted by bking

I think as unfortunate as the actions of the lady with a bag of gas, the one on the end of the camera. It's obvious this lady needed some help. Perhaps it would have come to no good, but someone should have tried as chances were good that the woman, or at least the car, doesn't make it all the way home that day.
We whip out cameras now rather than reach out.

+ 1000

It's one thing to get a nice video of a seagull shoplifting (https://www.mirror.co.uk/news/uk-new...-make-24098511) -- but if there's actual danger involved, it'd be nice to see people put the camera down and help their fellow citizen not win a darwin award by accident..

[Mikej]

Quote:

Originally Posted by benb

Most of what I've heard is the pipeline itself was well insulated from the attack.

The ransomware took over the windows computers at the pipeline company's HQ and they shut down service more over their inability to process/fulfill orders and run billing.

Shutting down control systems connected to the network in an infrastructure system is much much harder than hacking windows machines.

There's a lot of buzz about control systems being vulnerable and having poor security but it's still much much harder to hack them.

The hackers have to know what specialized systems are in place in an infrastructure system and then gain access to those systems, and it might be hard for someone overseas to buy them due to export controls.

Whereas they can just assume Windows is going to be present, and everyone has access to Windows, and there's this global tsunami of hackers/crackers sharing everything about Windows and all the vulnerabilities, etc..

Stuxnet style hacks are vastly more scary but that is an entirely different level of sophistication to pull that off... we have still only seen the NSA and/or Mossad pull off that type of attack.

Chinese/Russian hackers with government backing will certainly be able to do that kind of stuff but it requires real money getting the hardware in question into a lab and then doing real security research on it, then setting up multi-stage attacks to get access to the network first through say the Windows machines and then move into the control systems. It can take multiple hacks over years, they might need to hack in first and install surveillance hacks, use that to gather data on what's inside the network, then acquire the specialized hardware in question and begin to hack it. These Windows hacks we typically see are literally things a teenager can do for free in their parents basements.

The hacks against Iran involved the US and/or Israel doing multi-stage hacks over years:

- Hack into the nuclear program
- Collect data on what kinds of systems the Iranians were using to control centrifuges
- Buy Siemens centrifuge systems and do security research on them
- Write a hack for Windows that could take over systems, check if they were connect to siemens systems, and then have the windows hack deliver a Siemens hack to the siemens hardware
- Then trigger the damage to the siemens hardware

You would need to do a similar set of steps to actually make a pipeline explode or an electrical control system overload. And if the system attached to the pipeline/grid was well designed it might have software controls in place that won't even allow a command to do physical damage.

In the case of the Stuxnet hack IIRC the US/Israel even made the hack download a hacked firmware update into the centrifuge controllers that lifted limits on controls that Siemens had put into to keep the computer from being able to break the centrifuges.

OR, find a p-o'd employee and give him $500 for his login credentials.

[C40_guy]

Quote:

Originally Posted by benb

I work on a computer security product and we already have tons of government certifications and programs we have to go through to sell to the military/government. I am already envisioning feature requirements coming down the pike that we have to implement from this.

Just another day, another hack, in the security business. That Exchange hack is going to have repercussions for a long time...

[likebikes]

so is the gasoline shortage over or what?

i have 3/4 of a tank left and wondering if i should be worrying or not.

[tuscanyswe]

Quote:

Originally Posted by Red Tornado

Used to work for an Italian company. Last time I was over there (mid-2003) IIRC fuel was 1,25 Euros per litre. So, in today's money, roughly $6 per gallon. I'd bet the "per litre" price has gone up since then, though.

Here in sweden gas is around 1.5 euro per litre. I think italy has very similar pricing.

[Clancy]

Quote:

Originally Posted by bking

We whip out cameras now rather than reach out.

So perfectly said. What is so perfect is that it states the issues in one quick, simple to digest, and very powerful statement.

Thank you for that one. I’m going to remember it. Although I wish it wasn’t the case.

[MikeD]

Quote:

Originally Posted by bking

I think as unfortunate as the actions of the lady with a bag of gas, the one on the end of the camera. It's obvious this lady needed some help. Perhaps it would have come to no good, but someone should have tried as chances were good that the woman, or at least the car, doesn't make it all the way home that day.

We whip out cameras now rather than reach out.

What that lady did was seriously stupid, illegal, and highly dangerous. To go over and help her in this endeavor would be doubly stupid and to put one's life at risk. Moving to a safe distance and calling the authorities would be the sensible thing to do.

[reuben]

Quote:

Originally Posted by likebikes

i have 3/4 of a tank left and wondering if i should be worrying or not.

If your chain is clean and lubed, and the brake pads are in good shape, you should be fine. I wouldn't even bother changing handlebar tape.

[ripvanrando]

Quote:

Originally Posted by Clean39T

Cybersecurity has been a priority for the North American Electric Reliability Council (NERC) for years.

Recent activity has only increased the attention paid: https://www.washingtonpost.com/polit...cybersecurity/ and https://thehill.com/opinion/cybersec...-not-a-panacea

The grid is both decentralized in that there are hundreds of companies in each region of the US responsible for keeping the lights on - and incredibly centralized in that any significant degradation in frequency caused by the loss of a large generator or transmission line can bring the whole system down if protocols are not followed to a T. You don't have to go back very far to see how a small disturbance or mistake in one area can have huge impacts further down the line. https://en.wikipedia.org/wiki/2011_Southwest_blackout or https://en.wikipedia.org/wiki/Northe...ackout_of_2003.

Thanks, that confirms how I was think of it in terms of cyber attacks.

Physical attacks are a different story.

I worked several months in a transformer factory a long time ago. I always wondered if we have a strategic stockpile of them,and now that all the US facilities that used to make them are closed. I think it all went to China.
Transformers have vulnerability. Large industrial transformers are not quickly replaced, think many, many months or perhaps a year.