By Gregory Hale
Sometimes you can reach your goal by starting from nothing and cobbling together thoughts and ideas piece by piece by piece until it makes connections and the result is a final product.
There is no initial vision, but that comes together after working and living through the experience. Kind of a Monday morning quarterback thing.
Other times there is a vision from the top or someone that had an idea and simply says, here is a plan, let’s execute on it and it will help us move forward.
No matter how it comes together, the end result is the mission. When it comes to security, it is amazing how quickly professionals can get mired in the muck of everyday experiences and lose sight of what that mission truly is.
That big picture of every manufacturer is to keep systems up and running, producing product and safeguarding intellectual property and keeping everyone safe. Pretty simple, right?
Security today compared to five years ago – and maybe even a year if you talk to some industry experts – is night and day. Not quite where the industry should be, but further advanced than it was.
“For years we admired the problem. Today, it is not uncommon when you buy a controller there are more secure enhancements,” said Mike Assante, Industrial & Infrastructure Practice ICS/SCADA lead at the SANS Institute, during his keynote at the SANS ICS Security Summit in Orlando, FL, Monday. “Fundamentally, security is being designed into control elements. There are more areas where security has to catch up, but we are getting there. Over time, we saw a combination of skill sets. There is progress.”
The days of only adding security in to a proposal only if you are asked about it are long gone because end users are expecting it to be in the solution.
“More companies are putting it in the safety category,” Assante said.
But in this changing landscape, “it is not a question of progress, but can we keep pace. In a changing landscape, models are changing, we are dynamic. This the main event. More companies are moving toward digital technologies.”
What people used to say was the potential for attacks is now falling in line with real attacks on real critical infrastructure.
Use the most recent attack in the Ukraine as a case in point. In that attack, civilians lost power for just over an hour after a cyber attack against the utility.
“The stakes are growing with expanding attack surfaces,” Assante said. “We understand how exposed we are in the architectures. We have seen a shift in motivations and diversity of attacks. We have always known they were possible now we are seeing them demonstrated. We are seeing attacks that are damaging devices at the firmware level.”
With the Ukraine attacks used as a barometer, Assante said the security industry has to fall back and use the growth and stability of the safety movement as an aid.
“We have done incredible things with safety. We have dealt well with accidents, storms and errors. Now the biggest challenge is in the cyber domain. The complexity and the level of abstraction has been difficult to see. Complexity and abstraction of software is creating a challenge. I think we are up to the challenge.”
One person living that challenge every day is Sanford Rice, SCADA system developer at Atmos Energy Corporation, a gas pipeline company.
Rice, a control engineer by trade and a relative newcomer to security, talked about tips for those new to ICS security: “Don’t panic.”
He also laid out a few basic ideas for starting a security program:
• Start with basics
• Adopt a culture, treat security like safety
• Learn how to talk the talk
“Our mission is to provide information and keep it safe. Our system is designed to be static. Our system does not change, it is simple. We are on the low end of utilization and load.”
What is interesting is Atmos knows security is a big issue and they are not afraid to invest.
“We have implemented more changes in security than we have in operability and usability,” Rice said.
In terms of technology, Rice does not have to go out and reinvent the wheel all the time.
“COTS (commercial off the shelf) can help. We have been successful along the way and found people that can help. We have used IT solutions to make improvements.”
A slipped belt which caused friction resulted in a fire that burned through a conveyor belt Thursday at the nearly dormant Nippon Paper Industries USA mill in Port Angeles, WA.
Mill employees reported the fire near the top of the mill’s cogeneration plant at 7 p.m. Thursday, Port Angeles Fire Department Capt. James Mason said Friday.
There were no injuries in the incident, officials said.
“The monetary damage is negligible,” mill manager Steve Johnson said Friday.
Johnson said the cogeneration plant went offline Thursday night, and operation was to resume Saturday morning after workers repaired the belt.
“We are finalizing our investigation, but the preliminary cause appears to be friction-generated heat caused by belt slipping on the drive pulley,” he said.
The fire department got the call after smoke became visible from the top of the conveyor belt that moves biomass cogeneration boiler fuel to the conical silo at the plant.
The fire department responded with an engine and a 100-foot aerial ladder truck, Mason said.
The fire ended up extinguished with pressurized water containers and a fire extinguisher.
The paper mill, which had employed 105 hourly workers, shut down Jan. 21, but a skeleton maintenance crew is on duty and the cogeneration plant, which produces steam for the mill and electricity for sale, is still in operation.
The mill will close completely at the end of March while its new owner, McKinley Paper Co., a U.S. subsidiary of Mexico-based Bio Pappel, retrofits the facility.
Herb Baez, McKinley’s vice president of operations, said the mill’s cogeneration plant will restart when the mill retools and begins manufacturing recycled containerboard.
The plant, owned by Nippon Paper Industries of Tokyo, produced lightweight paper, newspaper stock and telephone-book paper.
Baez said that once the mill shuts down completely, it may not start up again until spring 2018.
Earlier estimates had put the shutdown at six months to a year.
“It’s looking like it will probably be at least a year,” Baez said, adding a study is underway on the cost of retrofitting the plant.
The plant had two operating paper machines until one shut down in December 2014.
A stuck valve caused the tap water in a small Canadian town to turn pink this week.
The water started running a bright fuchsia color Monday night after a problem at the water treatment plant at Onoway, a town of 1,000 people in Alberta province.
A stuck valve that allowed an excess amount of potassium permanganate into the town’s water distribution center may have been to blame, according to Mayor Dale Krasnow.
Potassium permanganate is a common water-treatment chemical used to remove bad tastes and odors from drinking water — but too much of it can turn water pink or purple.
Experts say it can cause skin burns as well as throat and abdominal pain if it is swallowed.
Krasnow said there was no public health risk but admitted town officials could have “done a better job of communicating what was going on.”
“While it is alarming to see pink water coming from your taps, potassium permanganate is used in normal treatment processes to help remove iron and manganese and residents were never at risk,” he said.
Krasnow said the town was flushing its water distribution system and encouraged residents to run their taps until the water was clear.
A massive fire at a Duplin County, NC, chicken processing plant Saturday night ended up labeled an accident, investigators said.
The blaze broke out at the House of Raeford plant outside of Teachey, NC, late Saturday night and 20 fire departments from five counties responded.
The fire began in an office upstairs where there was plenty of electrical equipment, said Det. Matthew English with the Duplin County Sheriff’s Office.
The NC State Bureau of Investigation (SBI) is assisting with the fire investigation due to the size of the building, while two fire departments remained on the scene Monday making sure no hot spots flared back up.
The plant has 675 workers. The company said workers will continue to receive pay and remain committed to restoring operations.
The House of Raeford said the goal is to rebuild in the Wallace area.
They have already begun to move employees to the Rose Hill plant where they will increase capacity, said company spokesman Dave Witter. The company built the plant in 2006.
Teachey Fire Chief Richard Williams said the fire was the most heavily involved he’s seen in several years.
“Upon arrival we had heavy smoke showing,” he said.
Williams said three firefighters ended up taken to the hospital after they became over-heated on the job.
Witter said all three ended up released, and one returned to the scene to help.
A HazMat crew also reported to the scene from New Hanover County as a safety measure. The crew monitored water runoff and air quality as crews fought the blaze.
The Wallace Fire Department also helped monitor the situation from the sky, using drone technology that they’ve had for about a year.
“They are really good [for] training… you can take some pictures to use later on for other training… [you can use them for] search and rescue and stuff like this big structure fire,” said Wallace Firefighter Chuck Johnson.
Johnson said the drones are able to show firefighters what’s happening from above, from angles they can’t see from the ground or ladders.
A leak in an ammonia tank at the Big Spring, TX, water treatment plant forced an evacuation Tuesday night, officials said.
The evacuation order ended up lifted the next day and residents are back in their homes.
Fifteen to 20 people ended up hospitalized as a precaution, but there were no serious injuries reported.
There was a leak in an ammonia tank at the plant, but it has now been fixed. The leak forced officials to order an evacuation of the surrounding area.
The explosion occurred after a gas valve ruptured while crews were repairing a leaky tank at the water plant sometime before 10 p.m. The gas valve ruptured at the water plant near the local high school, said Big Spring Mayor, Karry McLellan.
After the explosion, the gas valve began leaking ammonia gas, which forced resident in the surrounding area to evacuate.