“An operational incident on a process unit” at the BP Whiting refinery in Whiting, IN, led to one worker going to the hospital Wednesday night.
A Whiting Fire Department spokesman said an explosion occurred at 9:05 p.m. and residents could hear it clearly several blocks from the plant. People as far as two miles away reported feeling the explosion.
But the fire spokesman said when Whiting Fire commanders called the plant to ask if they needed any help, plant officials told them to stand by and that BP was handling it internally with its own fire department and ambulances.
BP spokesman Scott Dean confirmed the refinery experienced “an operational incident on a process unit on the north end of the refinery.”
The refinery’s in-house fire department put the fire out by 11 p.m. One employee went to the hospital as a precaution, but ended up released.
The explosion came exactly 59 years after a massive fire at the refinery, then known as the Standard Oil Refinery. Two people died and the surrounding neighborhood suffered severe damage from the fire.
By Eric Knapp
In films, cyber incidents have long been able to cross the divide from the digital to the physical. We’ve seen fictional code destroy everything from top-secret government facilities to invading alien spaceships. We’ve seen criminals ransom companies, cities and even nations under the threat of some impending cyber-catastrophe. Just a few years ago, these scenarios were confined to the realm of science fiction.
Now, they’re an unfortunate part of history. Like many technologies introduced to us through science fiction, malware has evolved to a level where these types of threats are not only possible, some of them have actually been realized.
Malware has grown up.
Decades ago, the creeper malware was popping up on computer screens, challenging users to “catch me if you can.” Today, malware is a bit more sophisticated. It’s modular, intelligent and highly adaptive, able to recognize the systems upon which it’s installed and change its behavior accordingly. It’s sneaky, capable of hiding it’s tracks, burrowing into legitimate processes, and—if it is discovered—mutating, surviving reboots and remaining frustratingly persistent.
The first highly publicized example of fiction turning to fact happened over four years ago, when a nuclear facility was effectively sabotaged via a custom, targeted cyber weapon.
Cyber incidents resulted in physical consequences even earlier but never before using such sophisticated and focused malware, specifically targeting industrial control systems. Words like “military-grade malware” and “weaponized cyber” and “cyber war” were seen in headlines around the globe.
In the past years, the trend has continued at an alarming rate.
We’ve seen examples of coordinated cyber-espionage campaigns such as Night Dragon, DuQu and more recently Dragonfly. We’ve also seen increasingly complex malware, such as the Flame virus, which represents over 20 megabytes of modular, commercial-grade malware. Its capabilities included everything from eavesdropping on Skype conversations to stealing data from nearby Bluetooth devices; a new generation of cyber espionage.
The most recent cyber espionage campaign is still ongoing: the Havex RAT (Remote Access Toolkit) is another example of a complex and persistent malware. Through the clever use of Trojanized vendor updates, it was able to infect very targeted users in the energy industry. Once infected, Havex scanned for OPC servers and began to enumerate industrial systems. What will happen next? We can only speculate. Anything that we might guess at this point would be … fiction.
Instead of speculating, we can look at the trends of evolving cyber capabilities. By understanding how malware has evolved, and how it continues to be created, we can better understand the threat that it represents.
Malware today is an industry. Like the software industry, the quality and complexity of the product varies, but malware can be (and often is) a commercial-grade product. Why is malware created? For the same reasons that any other product is created: For profit. To launch a successful cyber attack, one needs to have both motive and means. The means, or in this case the malware, can be purchased online. So what about motive?
Again, we can draw upon history to guide us. According to the 2013 Verizon Data Investigations Report, 20 percent of incidents are now targeting energy, transportation and critical manufacturing organizations. In addition to DuQu and Flame, we’ve seen new examples of targeted cyber attacks. Saudi national oil company, Saudi Aramco, was hit hard by the W32.Disttrack virus, also known as Shamoon. The attack was one of the most destructive cyber strikes in history, stealing data and over-writing the boot sectors of infected machines, effectively decommissioning over 30,000 computers.
In early 2013, several Saudi Arabia government websites were temporarily disabled after a series of cyber-attacks. Even more recently a politically motivated group of hackers called AnonGhost threatened to launch cyber-attacks on energy companies Adnoc and Enoc among others globally. They claimed to be protesting the use of the dollar by these companies to trade oil.
It might read like science fiction, but it’s not. And understanding the reality of the situation is the first step toward effective cyber defense.
For vendors, it means understanding how a cyber attack might impact components and systems, and making changes to mitigate that risk. It means implementing a Secure Development Life Cycle (SDLC), with threat modeling, static code analysis, and iterations of reviews, tests and even certifications to ensure that every new product is as secure as it can be, out of the box. It means investing in new technologies, to provide additional layers of security, safety and reliability to new and legacy industrial control systems. It means changing the way they think about cyber security.
For asset owners, it also requires a cultural shift. Cyber security can no longer be explained away as unlikely, or improbable. As a target, you need to think like a target: Where could an attack come from? What could be compromised? How, and why? What would happen if a cyber attack succeeded?
From one perspective, it’s a prescription for paranoia. From another perspective, it’s a rational exercise in risk assessment, to determine what the real risk of a cyber incident might be so appropriate counter measures can end up implemented. It’s a very subtle shift in thinking that will result in a massive improvement in our overall cyber security posture.
So watch those science fiction movies, read some mystery novels, and start to think like a bad guy. If we can understand the threat, we can model it, predict it, and—with some luck — stop it.
There’s not much difference between a virus that can destroy an industrial centrifuge, the one in the movies that destroyed the mothership of an invading alien space fleet, and the next one — the one that hasn’t happened yet, and the consequences of which we can only imagine.
Eric Knapp is global director of cyber security solutions and technology for Honeywell Process Solutions.
Two storage tanks used to hold oil and condensate caught fire Friday night resulting in two explosions on a well pad in a remote area of Mercer County, PA.
Two explosions ended up reported at 8 p.m. Firefighters on the scene reported that 200 gallons of oil stored at the location caught fire.
Fire departments from as far away as Lawrence County helped assist in battling the two-alarm blaze. One department brought in equipment capable of spreading foam, which they use to smother oil fires. There is a combination gas and oil well at the location, but crews on the scene reported the well did not explode.
“Friday evening two of our storage tanks used to hold oil and condensate caught fire on one of our well pads located in Mercer County,” said officials at Hilcorp Energy, which operates the well. “The appropriate local and state authorities were immediately notified and local first responders were on location shortly after the call. There were no injuries and the fire only lasted approximately forty-five minutes. We are in the process investigating the cause which remains undetermined at this time.”
The fire was out by 9:30 p.m. and there were no reports of injuries.
The Pennsylvania Department of Environmental Protection was at the scene to investigate.
Two plant fires at separate chemical facilities led to damages and shutdowns, and only minor injuries, officials said.
On Sunday night around 10 p.m. there was an explosion reported at Eastman Chemical Company in Kingsport, TN, at one of the gates off of Lincoln Street.
The explosion happened in one of Eastman’s research facilities, said Betty Payne, corporate communications director. She said windows and doors ended up blown out, but no one suffered serious injuries.
One employee went to Holston Valley Medical Center and released a short time later. Two other employees went to Eastman’s on-site medical facility and released to return to work.
Payne said there is no reason to believe the explosion will have an impact on human health, or the environment. The cause of the explosion remains under investigation.
Meanwhile, there was a structure fire at the BP Chemical Company plant in Huger, SC, Tuesday.
The BP Incident Management Team and Emergency Response Team responded after a reported fire at 1:30 p.m. in the #1 Unit Compressor Building, officials said.
As a result, workers shut down the unit and isolated the compressor.
All employees are safe and accounted for, according to a release. The cause of the fire or the extent of the damage is still under investigation.
An investigation is continuing into a fire sparked by the explosion of a tank at the Diamond Green Biodiesel plant in Norco, LA.
While the explosion rattled windows miles away, there were no injuries in the Sunday night blast and fire, and parish officials say no protective actions were necessary. Soon after the blast, St. Charles Parish officials gave the all-clear signal.
There was no word Monday on the cause of the explosion. However, the production unit involved has been shut down, a parish official said.
Air monitoring crews in the area detected no unusual readings, parish spokeswoman Renee Simpson said. There are no road closures, she said.
The plant is a joint venture of Diamond Alternative Energy LLC, a subsidiary Valero Energy Corp., and Darling International Inc. The plant processes recycled animal fat, used cooking oil and other feedstocks into renewable diesel fuel, the company said.
The refinery employs 40 people, and all personnel ended up accounted for, company spokeswoman Taryn Rogers said. The cause of the fire is under investigation, she said.
The fire did not affect operations at the Valero St. Charles refinery, which shares the same campus, Rogers said.
Omega Protein resumed operations following the July 28 fatal explosion at its fish processing facility in Moss Point, MS, company spokesman Ben Landry said.
“The reopening of the plant came after the comprehensive inspection of the equipment in the plant,” he said.
The company’s fishing vessels resumed their normal fishing operations Wednesday night, Landry said, and the plant should begin processing when the vessels return to the facility.
Jerry Lee Taylor II, 25, died, and three other subcontractors suffered injuries, with one serious.
The contract workers were working near the plant’s fish oil storage tanks when one of the five tanks exploded just before 9:30 a.m., authorities said at the time.
It could be a while before investigators piece together the series of events that caused the fatal explosion.
The company operates a menhaden, or pogy, fishing fleet and processing facility in Moss Point.
It produces fish oils and fish meal for human consumption and for use in aquaculture, agriculture and industrial applications.
One man suffered chemical burns and another ended up treated at a hospital in Pennsylvania, while another incident in Michigan forced a plant evacuation after separate chemical fires broke out.
In the Pennsylvania incident, a man suffered chemical burns over 60 percent of his body after a chemical fire inside a colorant company’s facility caused a hazmat situation in Montgomery County Thursday night.
Fire crews responded to reports of a blaze at Penn Color Inc. on the 2800 block of Richmond Road, Hatfield, PA, around 9 p.m. The fire was under control at 9:32 p.m., according to officials.
Medics airlifted the man to Lehigh Valley Hospital. There was no word on his condition.
A second victim went to Lansdale Hospital with non-life threatening injuries, officials said.
Officials have yet to disclose what chemical burned in the blaze, but the building contains potentially hazardous products, according to reports. The Montgomery County Fire Marshal is investigating the fire’s cause.
Doylestown-based Penn Color has multiple facilities along the East Coast, as well as in Europe and India, according to its website.
Meanwhile, investigators said a piece of machinery is to blame for an overnight fire Friday at a lakeshore business in Holland, MI.
It happened on Brooks Avenue near 40th Street in Holland. Crews received the call to the Uniform Color Company around 1:30 a.m. Friday after a security guard noticed flames in the complex’s ventilation system. When firefighters arrived, they found heavy smoke in the building, forcing workers to evacuate.
Investigators believe process equipment caused material in the duct work to catch fire. Crews contained the flames to the ventilation system.
The fire caused an estimated $5,000 in damage. No one suffered an injury in the incident.
Uniform Color manufactures custom color and additives for the thermoplastics industry and is a supplier for the automotive, furniture, appliance, cosmetics and housewares industries, according to the company’s website.
By Gregory Hale
Government sponsored malware attacks, once thought of a science fiction, are real and they are hitting industries, like the manufacturing industry, across the world.
Unlike the nuclear arms race, the cyber arms race has a bunch of governmental contestants, but no one really knows their strengths.
“Cyber warfare is not detectable, unlike nuclear warfare, which is. If you look at the changes in the threat landscape, the cyber arms race does not allow for (who has what technology), said Mikko Hyppönen, chief research officer for F-Secure during his talk Wednesday at Black Hat USA 2014 in Las Vegas. “Yes, the U.S. has capabilities, but what about the other countries? Government actively using malware is only about 10 years old. If you talked about that back then, it would sound like science fiction, but it is true.”
Hyppönen went into bit of a history lesson on government sponsored malware attacks, but he also talked about what some of the advantages governments get out of using malware.
Some of those benefits:
• Law enforcement
Russians ended up linked to some big malware attacks like CosmicDuke and Havex, Hyppönen said. Havex is interesting because it appears to be doing reconnaissance work in the industrial control industry.
“Havex is scanning ICS gear,” he said. “It doesn’t do anything, so we don’t actually know what it is doing. We think it could be fingerprinting; it is unclear, but it is interesting.”
What is also interesting, Hyppönen said, is its method of distribution. “To distribute the malware, they hacked four ICS vendors and infected them.” So, when their customers downloaded software from the vendors, they were then infected.
When you talk about government sponsored malware, one of the first major attacks was Stuxnet, which ISSSource reported was a joint project between the U.S. and Israel to damage Iran’s nuclear program by bringing down centrifuges at Iran’s Natanz facility.
Now the Stuxnet code is out and available on various web sites, you would think there would be more attacks.
“We expected more copy cats of Stuxnet, but we haven’t seen it yet, Hyppönen said. “We are surprised and that is good news.”
One of the more amusing fallouts from Stuxnet came a couple of years after when Hyppönen received an email out of the blue from a worker at the Iranian Atomic program, but not at Natanz. The email said: “There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was the American band acdc thunderstruck. It was all very strange and happened very quickly. the attackers also managed to gain root access to the machine they entered from and removed all the logs.”
Click here to review the slides from Hyppönen’s presentation.
While Hyppönen said he was unable to confirm the note, he said that is one of the things governments try to do and that is have victim country’s leaders lose faith in their engineers. They want to raise doubts. Once there is a lack of confidence, that hurts the country.
“When I joined this company in 1991, Hyppönen said, “I didn’t expect it to come to this, but that is what has happened.”
An explosion Thursday night at the Flint Hills Resources ethanol plant in Arthur, IA, shut down the plant until officials can inspect the damage.
The explosion occurred in a grain dryer, but officials are looking into the extent of the damage and the cause of the explosion, said Jake Reint, a spokesman for Flint Hills Resources.
The plant employs 50 people and operates 24 hours a day, Reint said. No one suffered an injury in the explosion.
“First we want to make sure the situation is safe, then look at the extent of the damage and then go about repairs,” he said.
Reint said it was unclear when the plant would reopen.
According to the Flint Hills Resources website, the company purchased the Arthur ethanol production facility in September 2013. The plant began operations in 2008 and produces 110 million gallons per year.
A Dunn County, ND, roustabout service is estimating that $80,000 worth of crude oil ended up stolen from tanks it maintains at two well sites north of Dunn Center.
Greg Krueger, the owner of K&R Roustabout, said he reported the theft of about 760 barrels of oil to the Dunn County sheriff’s office July 1.
“Somebody is going in there and taking oil,” Krueger said.
Cornerstone Natural Resources owns the wells, but Krueger said a K&R pumper was the first to raise a red flag after the amount of oil calculated in tanks at two different sites came up short and didn’t match truck tickets.
Under North Dakota law, the theft would be a Class B felony, punishable by up to 10 years in prison, a fine of $10,000 or both.
Dunn County Sheriff Clay Coker said his office is investigating the theft, adding that theft is the most probable answer to the missing oil because a seal to one tank was missing and a seal at another was broken. The sheriff’s office is unsure of the exact dates the thefts occurred, but they think they occurred over a weekend, Coker said.
Krueger said he thinks the thefts happened at night, adding the well sites that house the tanks are in secluded, rough terrain areas near Little Missouri State Park.
K&R has set up motion-activated cameras typically used for monitoring wildlife at well sites, Krueger said, to help prevent further losses.
North Dakota Department of Mineral Resources spokeswoman Alison Ritter said her office’s production audit department is aware of missing oil and is doing its part to help the investigation.
“Like anything else, it’s a valuable property,” Ritter said. “But the big thing where we would come in is if we could look at other run tickets we receive, and if anything seems off where we could provide a lead, we could do that.”