A leak in a boiler component forced Ohau, Hawaii, residents to go into electricity conservation mode after two power generators went out of service.
While one power generator is now working, another remains out of service.
Hawaiian Electric (HECO) asked customers to conserve power last Monday night because of problems at Kalaeloa and Waiau power plants.
With demand for electricity up and two major generators down, HECO went into conservation mode. By mid-evening, crews fixed one of the problems.
“There was a leak in the component in one of the boilers so we needed to make sure that was corrected before we could bring it back into service,” said HECO spokesman Darren Pai.
Pai said workers found the problem at Waiau this past weekend during scheduled maintenance. After fixing the problem, the all-clear went out to customers despite Kalaeloa not up and running. Officials said in that case there’s an issue with the connection between the power plant and the electrical grid. Crews are still trying to figure out how to fix that problem.
HECO officials said they’re trying to improve their energy storage to prevent these types of situations in the future.
“Energy storage can be a number of different technologies, batteries or some other technologies, essentially what they do is store energy to be used at a later time,” Pai said.
But these types of projects won’t be in service for another three years. HECO is also looking at time-table pricing, basically charging different rates for different times of the day.
As for the Kalaeloa power plant, it continues to operate at about half of its maximum output. HECO did not know when the problem would end up fixed.
By Gregory Hale
It wasn’t too long ago when industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems were in the scope of the bad guys. These systems, sometimes close to 30 years old and considered easy pickings, were suffering hacks, or threatened hacks, on a fairly regular basis.
The thing is, they still are.
When you looked at the headlines a year or two ago, they talked about Stuxnet, Night Dragon, Shamoon, Saudi Aramco, RasGas, ExxonMobil, Shell, just to name a few. Now the news still talks about hack attacks, but they are of a different kind. This time the retail sector is in the crosshairs. Just look at Target, Neiman Marcus, and most recently Home Depot.
Home Depot is the latest retailer to suffer a major credit card data breach that may have started in late April or early May.
The Atlanta-based home improvement retailer is now working with banks and law enforcement to investigate “unusual activity” that would point to a hack.
It is easy to say this is just the retail sector and it doesn’t affect manufacturing, but that is not true. Just how should the manufacturing industry react to the point of sale (PoS) attacks going on in the retail sector?
The main thing is, security professionals in the industry should remain vigilant and keep their mind in the game and know an attack is just a click away.
“I have been watching the PoS issues, including several notifications from the NCCIC (National Cybersecurity and Communications Integration Center),” said Joel Langill, ICS cyber security consultant and founder of SCADAhacker.com. “I believe that this is ‘the retail industry’s Stuxnet.’ The recent Target and Neiman Marcus breach put these systems on the front page of the mainstream media, so all of those researchers shifted focus and are now having fun finding problems throughout these systems.”
Researchers, however are finding similarities between retail systems and ICS/SCADA systems.
“I think there is a lot of comparisons between the attacks hitting the PoS terminals and the manufacturing world,” said Graham Speake, vice president and chief product architect at NexDefense, Inc. “While the attackers are obviously after credit card information in these attacks, it does show the sophistication of the attackers. Like an industrial control system, the PoS network is normally a separate network with links to the main business network. The lack of attention to the PoS network in terms of what communications are occurring and egress monitoring, a fairly static network with real time devices on it and devices that are not updated/upgraded frequently are also characteristics of industrial control networks.”
In the dynamic and evolving security environment, bad guys continue to find new ways to get into systems, but these attackers are not moving from industry to industry like a bunch of 7-year-olds chasing a ball while playing a soccer game. In most cases, these are professional attackers on a very specific mission going after their target.
“I don’t believe that it is the same set of threat actors, so manufacturing should not lower their guard thinking that the bad guys have shifted targets — it is a new set of bad guys with the same ones still targeting manufacturing,” Langill said. “Havex (Dragonfly, Energetic Bear, Crouching Yeti) should have shown this, and should have opened everyone’s eyes to the new tactics of exploiting ‘trusted relationships.’”
“Owners of PoS networks had put in defenses to protect that data, even regulated with PCI standards, but the lack of visibility allowed multiple breaches (even after the Target warnings),” Speake said. “Attackers could turn their attention to ICS networks and, using similar attack tools and methods, gain access to these networks, not for credit card scraping but for extortion or disruption.”
Two employees of Calumet Refinery in Great Falls, MT, and a Great Falls firefighter went to the hospital late Wednesday after suffering low-level chemical exposure.
Firefighters got the call to the refinery at 9:42 p.m., and soon determined the medical injuries to the employees may have been due to exposure to hydrogen sulfide, or H2S, and moved the employees to Benefis Health Systems for treatment.
While on scene, a Great Falls Firefighter suffered possible exposure to the chemical and also went to Benefis.
The 11-year veteran firefighter is currently in stable condition.
H2S is an inhalation hazard and ended up confined to the tank in the area. The low-level exposure stayed on the Calumet property and does not pose a danger to the community, officials said.
Calumet Refinery is now back to operating the facility.
Great Falls Fire Rescue meets regularly with Calumet regarding safety training and community concerns.
Noel Ryan, vice president of investor/media relations for Calumet, released the following statement Thursday:
“Calumet had an incident on Wednesday night at the Great Falls, Montana refinery where two employees were taken to Benefis Health Systems for observation following exposure to chemical vapors. The low level exposure was confined to the Calumet property line and does not pose a hazard to the local community. Production at the facility remains unaffected by this incident. The safety and wellbeing of our employees and contractors remains our top priority. We intend to collaborate with the authorities in our joint investigation of the incident.”
“An operational incident on a process unit” at the BP Whiting refinery in Whiting, IN, led to one worker going to the hospital Wednesday night.
A Whiting Fire Department spokesman said an explosion occurred at 9:05 p.m. and residents could hear it clearly several blocks from the plant. People as far as two miles away reported feeling the explosion.
But the fire spokesman said when Whiting Fire commanders called the plant to ask if they needed any help, plant officials told them to stand by and that BP was handling it internally with its own fire department and ambulances.
BP spokesman Scott Dean confirmed the refinery experienced “an operational incident on a process unit on the north end of the refinery.”
The refinery’s in-house fire department put the fire out by 11 p.m. One employee went to the hospital as a precaution, but ended up released.
The explosion came exactly 59 years after a massive fire at the refinery, then known as the Standard Oil Refinery. Two people died and the surrounding neighborhood suffered severe damage from the fire.
By Eric Knapp
In films, cyber incidents have long been able to cross the divide from the digital to the physical. We’ve seen fictional code destroy everything from top-secret government facilities to invading alien spaceships. We’ve seen criminals ransom companies, cities and even nations under the threat of some impending cyber-catastrophe. Just a few years ago, these scenarios were confined to the realm of science fiction.
Now, they’re an unfortunate part of history. Like many technologies introduced to us through science fiction, malware has evolved to a level where these types of threats are not only possible, some of them have actually been realized.
Malware has grown up.
Decades ago, the creeper malware was popping up on computer screens, challenging users to “catch me if you can.” Today, malware is a bit more sophisticated. It’s modular, intelligent and highly adaptive, able to recognize the systems upon which it’s installed and change its behavior accordingly. It’s sneaky, capable of hiding it’s tracks, burrowing into legitimate processes, and—if it is discovered—mutating, surviving reboots and remaining frustratingly persistent.
The first highly publicized example of fiction turning to fact happened over four years ago, when a nuclear facility was effectively sabotaged via a custom, targeted cyber weapon.
Cyber incidents resulted in physical consequences even earlier but never before using such sophisticated and focused malware, specifically targeting industrial control systems. Words like “military-grade malware” and “weaponized cyber” and “cyber war” were seen in headlines around the globe.
In the past years, the trend has continued at an alarming rate.
We’ve seen examples of coordinated cyber-espionage campaigns such as Night Dragon, DuQu and more recently Dragonfly. We’ve also seen increasingly complex malware, such as the Flame virus, which represents over 20 megabytes of modular, commercial-grade malware. Its capabilities included everything from eavesdropping on Skype conversations to stealing data from nearby Bluetooth devices; a new generation of cyber espionage.
The most recent cyber espionage campaign is still ongoing: the Havex RAT (Remote Access Toolkit) is another example of a complex and persistent malware. Through the clever use of Trojanized vendor updates, it was able to infect very targeted users in the energy industry. Once infected, Havex scanned for OPC servers and began to enumerate industrial systems. What will happen next? We can only speculate. Anything that we might guess at this point would be … fiction.
Instead of speculating, we can look at the trends of evolving cyber capabilities. By understanding how malware has evolved, and how it continues to be created, we can better understand the threat that it represents.
Malware today is an industry. Like the software industry, the quality and complexity of the product varies, but malware can be (and often is) a commercial-grade product. Why is malware created? For the same reasons that any other product is created: For profit. To launch a successful cyber attack, one needs to have both motive and means. The means, or in this case the malware, can be purchased online. So what about motive?
Again, we can draw upon history to guide us. According to the 2013 Verizon Data Investigations Report, 20 percent of incidents are now targeting energy, transportation and critical manufacturing organizations. In addition to DuQu and Flame, we’ve seen new examples of targeted cyber attacks. Saudi national oil company, Saudi Aramco, was hit hard by the W32.Disttrack virus, also known as Shamoon. The attack was one of the most destructive cyber strikes in history, stealing data and over-writing the boot sectors of infected machines, effectively decommissioning over 30,000 computers.
In early 2013, several Saudi Arabia government websites were temporarily disabled after a series of cyber-attacks. Even more recently a politically motivated group of hackers called AnonGhost threatened to launch cyber-attacks on energy companies Adnoc and Enoc among others globally. They claimed to be protesting the use of the dollar by these companies to trade oil.
It might read like science fiction, but it’s not. And understanding the reality of the situation is the first step toward effective cyber defense.
For vendors, it means understanding how a cyber attack might impact components and systems, and making changes to mitigate that risk. It means implementing a Secure Development Life Cycle (SDLC), with threat modeling, static code analysis, and iterations of reviews, tests and even certifications to ensure that every new product is as secure as it can be, out of the box. It means investing in new technologies, to provide additional layers of security, safety and reliability to new and legacy industrial control systems. It means changing the way they think about cyber security.
For asset owners, it also requires a cultural shift. Cyber security can no longer be explained away as unlikely, or improbable. As a target, you need to think like a target: Where could an attack come from? What could be compromised? How, and why? What would happen if a cyber attack succeeded?
From one perspective, it’s a prescription for paranoia. From another perspective, it’s a rational exercise in risk assessment, to determine what the real risk of a cyber incident might be so appropriate counter measures can end up implemented. It’s a very subtle shift in thinking that will result in a massive improvement in our overall cyber security posture.
So watch those science fiction movies, read some mystery novels, and start to think like a bad guy. If we can understand the threat, we can model it, predict it, and—with some luck — stop it.
There’s not much difference between a virus that can destroy an industrial centrifuge, the one in the movies that destroyed the mothership of an invading alien space fleet, and the next one — the one that hasn’t happened yet, and the consequences of which we can only imagine.
Eric Knapp is global director of cyber security solutions and technology for Honeywell Process Solutions.
Two storage tanks used to hold oil and condensate caught fire Friday night resulting in two explosions on a well pad in a remote area of Mercer County, PA.
Two explosions ended up reported at 8 p.m. Firefighters on the scene reported that 200 gallons of oil stored at the location caught fire.
Fire departments from as far away as Lawrence County helped assist in battling the two-alarm blaze. One department brought in equipment capable of spreading foam, which they use to smother oil fires. There is a combination gas and oil well at the location, but crews on the scene reported the well did not explode.
“Friday evening two of our storage tanks used to hold oil and condensate caught fire on one of our well pads located in Mercer County,” said officials at Hilcorp Energy, which operates the well. “The appropriate local and state authorities were immediately notified and local first responders were on location shortly after the call. There were no injuries and the fire only lasted approximately forty-five minutes. We are in the process investigating the cause which remains undetermined at this time.”
The fire was out by 9:30 p.m. and there were no reports of injuries.
The Pennsylvania Department of Environmental Protection was at the scene to investigate.
Two plant fires at separate chemical facilities led to damages and shutdowns, and only minor injuries, officials said.
On Sunday night around 10 p.m. there was an explosion reported at Eastman Chemical Company in Kingsport, TN, at one of the gates off of Lincoln Street.
The explosion happened in one of Eastman’s research facilities, said Betty Payne, corporate communications director. She said windows and doors ended up blown out, but no one suffered serious injuries.
One employee went to Holston Valley Medical Center and released a short time later. Two other employees went to Eastman’s on-site medical facility and released to return to work.
Payne said there is no reason to believe the explosion will have an impact on human health, or the environment. The cause of the explosion remains under investigation.
Meanwhile, there was a structure fire at the BP Chemical Company plant in Huger, SC, Tuesday.
The BP Incident Management Team and Emergency Response Team responded after a reported fire at 1:30 p.m. in the #1 Unit Compressor Building, officials said.
As a result, workers shut down the unit and isolated the compressor.
All employees are safe and accounted for, according to a release. The cause of the fire or the extent of the damage is still under investigation.
An investigation is continuing into a fire sparked by the explosion of a tank at the Diamond Green Biodiesel plant in Norco, LA.
While the explosion rattled windows miles away, there were no injuries in the Sunday night blast and fire, and parish officials say no protective actions were necessary. Soon after the blast, St. Charles Parish officials gave the all-clear signal.
There was no word Monday on the cause of the explosion. However, the production unit involved has been shut down, a parish official said.
Air monitoring crews in the area detected no unusual readings, parish spokeswoman Renee Simpson said. There are no road closures, she said.
The plant is a joint venture of Diamond Alternative Energy LLC, a subsidiary Valero Energy Corp., and Darling International Inc. The plant processes recycled animal fat, used cooking oil and other feedstocks into renewable diesel fuel, the company said.
The refinery employs 40 people, and all personnel ended up accounted for, company spokeswoman Taryn Rogers said. The cause of the fire is under investigation, she said.
The fire did not affect operations at the Valero St. Charles refinery, which shares the same campus, Rogers said.
Omega Protein resumed operations following the July 28 fatal explosion at its fish processing facility in Moss Point, MS, company spokesman Ben Landry said.
“The reopening of the plant came after the comprehensive inspection of the equipment in the plant,” he said.
The company’s fishing vessels resumed their normal fishing operations Wednesday night, Landry said, and the plant should begin processing when the vessels return to the facility.
Jerry Lee Taylor II, 25, died, and three other subcontractors suffered injuries, with one serious.
The contract workers were working near the plant’s fish oil storage tanks when one of the five tanks exploded just before 9:30 a.m., authorities said at the time.
It could be a while before investigators piece together the series of events that caused the fatal explosion.
The company operates a menhaden, or pogy, fishing fleet and processing facility in Moss Point.
It produces fish oils and fish meal for human consumption and for use in aquaculture, agriculture and industrial applications.
One man suffered chemical burns and another ended up treated at a hospital in Pennsylvania, while another incident in Michigan forced a plant evacuation after separate chemical fires broke out.
In the Pennsylvania incident, a man suffered chemical burns over 60 percent of his body after a chemical fire inside a colorant company’s facility caused a hazmat situation in Montgomery County Thursday night.
Fire crews responded to reports of a blaze at Penn Color Inc. on the 2800 block of Richmond Road, Hatfield, PA, around 9 p.m. The fire was under control at 9:32 p.m., according to officials.
Medics airlifted the man to Lehigh Valley Hospital. There was no word on his condition.
A second victim went to Lansdale Hospital with non-life threatening injuries, officials said.
Officials have yet to disclose what chemical burned in the blaze, but the building contains potentially hazardous products, according to reports. The Montgomery County Fire Marshal is investigating the fire’s cause.
Doylestown-based Penn Color has multiple facilities along the East Coast, as well as in Europe and India, according to its website.
Meanwhile, investigators said a piece of machinery is to blame for an overnight fire Friday at a lakeshore business in Holland, MI.
It happened on Brooks Avenue near 40th Street in Holland. Crews received the call to the Uniform Color Company around 1:30 a.m. Friday after a security guard noticed flames in the complex’s ventilation system. When firefighters arrived, they found heavy smoke in the building, forcing workers to evacuate.
Investigators believe process equipment caused material in the duct work to catch fire. Crews contained the flames to the ventilation system.
The fire caused an estimated $5,000 in damage. No one suffered an injury in the incident.
Uniform Color manufactures custom color and additives for the thermoplastics industry and is a supplier for the automotive, furniture, appliance, cosmetics and housewares industries, according to the company’s website.