News


Wednesday, February 22, 2012 @ 06:02 PM gHale

Safety and security are major initiatives for energy companies, but refiners will have to step it up a notch as Africa becomes a hotbed of oil and gas activity.

Making the latest move into Africa, Royal Dutch Shell Plc will pay $1.6 billion for Mozambique-focused Cove Energy.


Cove’s main asset is an 8.5 percent stake in the Rovuma Offshore Area 1, in Mozambique, where operator Anadarko said recoverable reserves could top 30 trillion cubic feet of natural gas.

The project partners plan to build plants to freeze the gas into liquefied natural gas (LNG) and ship it to Asian markets.

“East Africa is a major prospective hydrocarbon province, which has seen a significant increase in exploration activity in recent years,” Shell said in its offer document.

“Shell already has interests in Tanzania, and the acquisition of Cove would mark Shell’s entry into exciting new hydrocarbon provinces in Kenya and Mozambique, with significant potential for new LNG from recent gas discoveries offshore Mozambique, and further complementary exploration positions in East Africa.”

Neighboring the Rovuma find, Italy’s Eni made its own major gas finds while, north of the maritime border, Norway’s Statoil has made a find in Tanzanian waters.

On Tuesday, the Tanzanian government said British gas and oil firm BG Group planned to step up its investment on the east African coastline, which is fast becoming a major gas hub, with a $500 million investment this year.

In addition to Anadarko, Japan’s Mitsui and Indian groups Bharat Petroleum and Videocon each own 10 percent stakes in the Rovuma license. These interests could now be more valuable.

Wednesday, February 22, 2012 @ 04:02 PM gHale

Mozilla wants all certificate authorities (CAs) to revoke subordinate CA certificates used for corporate SSL traffic management, offering a reprieve to any CAs that breached Mozilla’s conditions for having their root certificates ship with its products.

The request comes after Trustwave issued a sub-CA certificate to a private company for use in a data loss prevention system.


Sub-CA keys can sign SSL certificates for any domain name on the Internet, which makes them very dangerous if they fall into the wrong hands.

Even though Trustwave said the sub-CA key in question was in a hardware security module (HSM), making it irretrievable, the fact that such a powerful certificate was issued to a private company that wasn’t a certificate authority represents a violation of Mozilla’s policy for CAs.

Certificate authorities voluntarily adhere to Mozilla’s CA Certificate Policy in order to have their root keys included by default in Firefox, Thunderbird and other Mozilla products.

“Participation in Mozilla’s root program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe, up to and including the removal of root certificates that mis-issue, as well as any roots that cross-sign them,” said Johnathan Nightingale, senior director of Firefox Engineering at Mozilla.

Because there is reason to believe that multiple CAs engage in this type of behavior, Mozilla has decided to offer everyone a one-time chance to come clean about it without risking repercussions instead of making an example out of Trustwave, which would likely discourage similar disclosures.

“We believe that security is best served when browsers and CAs can work together; we hope that frank communication and clear expectations can resolve these issues before any such action is required,” Nightingale said.

Mozilla made its amnesty offer in an email to all CAs on Friday, asking them to revoke sub-CA certificates used for SSL man-in-the-middle interception or traffic management and to destroy the corresponding HSMs.

“We have requested the serial numbers of those certificates and fingerprints of their signing roots so that we, and other relying parties, can detect and distrust these subCA certificates if encountered,” Nightingale said.

CAs have until April 27 to comply with these requests. If such certificates are found after that date, the issuing CAs will face punishments including the removal of their root keys from Mozilla’s products.

Wednesday, February 22, 2012 @ 03:02 PM gHale

In an effort to push its security to new levels, Apple will introduce a new Mac security model with OS X Mountain Lion this summer. By default it will let users install only programs downloaded from the Mac App Store or those digitally signed by a registered developer.

Gatekeeper — Apple’s name for the model and technology — will block the installation of the most common kind of Mac malware. That would be Trojan horses executed by users duped into downloading and installing fake software.


Last year, campaigns of “scareware,” programs that posed as antivirus software but actually infected systems with attack code, made headlines. Apple responded to the scareware threat by repeatedly updating a rudimentary blocking list that debuted two years earlier.

Mountain Lion, which Apple said Thursday will ship late this summer, uses a new mechanism to bar malicious applications from most Macs.

By default, only software downloaded from the Mac App Store or signed with certificates Apple provides free-of-charge to registered developers can install on Mountain Lion.

Because each digital certificate links to an individual developer or company, Apple will know who was responsible for, say, sneaking a malicious app by users, and be able to revoke the certificate and ban the developer from its program.

Apple will not review these digitally-signed third-party programs, but Gatekeeper lets the company retaliate against malicious application makers, and by revoking certificates, gives it a way to block new installs and stifle a malware campaign in its early stages.

Mountain Lion’s Security & Privacy preferences screen also has options for tightening or loosening Gatekeeper’s vigilance. If the user selects “Mac App Store,” he can install only software downloaded from Apple’s mart; choosing “Anywhere” lets users install programs obtained from anywhere. The latter is the wide-open model that Macs — and Windows PCs — have used.

At its default setting, Gatekeeper, which has roots in moves Apple has been making with OS X for several years, is a set-and-forget “whitelist,” or list of approved programs. “It’s like a giant whitelist button,” said Andrew Storms, director of security operations at nCircle Security, of Gatekeeper.

Tuesday, February 21, 2012 @ 06:02 PM gHale

Making a move to strengthen its foothold in the U.S., Fortis Inc. will pay just under $1 billion to pick up Hudson Valley, NY, utility CH Energy Group Inc.

CH Energy is the parent company of Central Hudson Gas & Electric Corp., a regulated transmission and distribution utility that serves about 300,000 electric and 75,000 natural gas customers in New York’s Hudson Valley.


The deal, which is subject to regulatory and CH Energy shareholder approval, should close in the first quarter of 2013. CH Energy will remain a stand-alone company based in Poughkeepsie, NY, and there are no plans to cut jobs, CH Energy said.

Based on CH Energy’s 14.9 million outstanding shares, the deal is worth about $967.9 million. The companies valued the deal at about $1.5 billion including the assumption of about $500 million in debt.

Fortis, one of the largest investor-owned utilities in Canada, said it expects the addition of CH Energy to immediately boost its profits, excluding one-time charges related to the acquisition. It pointed to the company’s strong balance sheet and credit ratings, along with its diversified customer base.

H. Stanley Marshall, Fortis’ president and chief executive, said the acquisition represents a “strong first step” for the company in the regulated U.S. electric utility market. The company’s utilities serve about 2 million gas and electric customers in Canada.

Central Hudson accounts for about 93 percent of CH Energy’s total assets and contributed about 97 percent of its 2011 revenue. CH Energy also owns and operates Central Hudson Enterprises Corp., a non-regulated fuel delivery business with about 56,000 customers in the Mid-Atlantic Region.

Tuesday, February 21, 2012 @ 05:02 PM gHale

A flaw in calculating the potential heat from nuclear fuel in the event of an accident has the U.S. Nuclear Regulatory Commission (NRC) seeking information from energy companies running 11 reactors.

The flaw does not present an immediate safety concern, so there was no reason to shut any of the plants, the NRC said.


“But we do want them to come back to us to show they are meeting our regulations,” said NRC spokesman Scott Burnell.

The 11 reactors are located at FirstEnergy’s Beaver Valley in Pennsylvania, Exelon’s Byron in Illinois, Duke Energy’s Catawba in South Carolina and McGuire in North Carolina, American Electric Power’s Cook, and Dominion’s Kewaunee in Wisconsin.

A computer program Westinghouse Electric used has a fundamental flaw in determining how the fuel loses the ability to conduct heat, Burnell said.

This phenomenon is “thermal conductivity degradation.”

Because of that error there is a possibility that plants could underestimate how hot their fuel could get in an accident, Burnell said.

Westinghouse is majority-owned by Japan’s Toshiba Corp.

Tuesday, February 21, 2012 @ 05:02 PM gHale

There was a security lapse at the Prairie Island nuclear station near Red Wing, MN, and Xcel Energy will feel the wrath of federal regulators.

Xcel received a letter from the Nuclear Regulatory Commission (NRC) about the violation discovered in an October inspection. Details of the incident were redacted from the letter.


The public’s safety was not an issue with the security problem, said NRC spokeswoman Viktoria Mitlyn. But no details, including its level of significance, will be released, so that the plant can avoid publicizing a security vulnerability, she said.

It is the first time “in the recent past” the NRC cited Xcel for a security-related problem at its two nuclear stations in Minnesota.

The NRC ranks violations on a four-color scale, with red the highest — representing an unacceptable safety loss — and green the lowest significance. The NRC only said the Prairie Island violation was “greater than green.”

In a preliminary letter to Xcel in December, the NRC offered a hint the problem related to “human performance.” The letter said Xcel “failed to conduct an effectiveness review of safety significant decisions to verify the validity of the underlying assumptions, and identify possible unintended consequences.”

The Minneapolis-based utility must correct the root cause of the problem, and will be subject to a follow-up inspection. It also has 30 days to appeal the finding.

In a statement, Xcel said it hadn’t decided whether to appeal but that “Security and safety at our nuclear plants are our highest priorities.”

Tuesday, February 21, 2012 @ 01:02 PM gHale

By Nicholas Sheble
The hacking group Anonymous may soon be capable of causing a limited power outage through a cyber attack, security officials with the U.S. Government believe.

The director of the National Security Agency (NSA) warned Anonymous could have the ability within the next year or two to bring about such an act, according to a report in the Tuesday issue of The Wall Street Journal.


General Keith Alexander, NSA’s director, provided his assessment in meetings at the White House and in other private sessions. While he hasn’t publicly expressed his concerns about the potential for Anonymous to disrupt power supplies, he has warned publicly about an emerging ability by cyber attackers to disable or even damage computer networks.

Anonymous has never listed a power blackout as a goal, but some U.S. officials believe it seeks a more disruptive direction. An attack on a network would be consistent with recent public claims and threats by the group. As an example, last week Anonymous announced a plan to shut down the Internet on March 31 in a move they are calling Operation Global Blackout.

The electric grid has many backup systems that allow utilities to restore power quickly if there is a blackout from a cyber attack or hardware malfunction.

Attacks by Anonymous

  • December 2010: Attacks groups and individuals that tangled with WikiLeaks and its founder, Julian Assange.
  • February 2011: Followers break into computer systems of California Internet-security company HBGary Federal; release tens of thousands of internal emails online. Company chief executive resigns.
  • Aug. 14, 2011: Hacks a Bay Area Rapid Transit website to protest the rail system’s move to temporarily shut down cell phone service.
  • Jan. 19, 2012: Attacks Justice Department website and apparently knocks it offline to retaliate against shutdown of a media-downloading site.
  • Feb. 12, 2012: Announces a plan to shut down the Internet on March 31.
  • Feb. 17, 2012: Attacks two sites of the Federal Trade Commission.

Source: WSJ research

The NSA believes that, for now, the cyber threat to the power grid is limited. The countries that could most quickly develop and use cyber means to destroy part of the grid, like China and Russia, have little incentive to do so. Those with more incentive, like Iran or North Korea, don’t yet have the capability.

Nicholas Sheble (nsheble@isssource.com) is an engineering writer and technical editor in Raleigh, NC.

Monday, February 20, 2012 @ 04:02 PM gHale

In the aftermath of researchers revealing vulnerabilities before informing a vendor and an increase in attacks, ICS-CERT is issuing an alert to keep manufacturers aware of the heightened threat posture in the industry.

Several new exploit tools hit the street last week that specifically target programmable logic controllers (PLCs), the building blocks of industrial control systems (ICSs). These tools target PLCs from GE, Rockwell Automation, Schneider Electric, and Koyo. In addition, one targets the EtherNet/IP protocol, which numerous PLC vendors use. The payloads can affect any device that uses the EtherNet/IP protocol and could allow an attacker to crash or restart affected devices, according to the ICS-CERT report.


Multiple threat elements are combining to expand the ICS threat landscape. Hacktivist groups are evolving and have demonstrated improved malicious skills. They are acquiring and using specialized search engines to identify Internet-facing control systems, taking advantage of the growing arsenal of exploitation tools developed specifically for control systems.

Asset owners should take these changes in the threat landscape seriously, and ICS-CERT strongly encourages taking immediate defensive action to secure their systems using defense-in-depth principles, according to the ICS-CERT report.

Manufacturers should not assume their control systems are secure or that they are not operating with an Internet-accessible configuration. Instead, asset owners should thoroughly audit their networks for Internet-facing devices, weak authentication methods, and component vulnerabilities.

The ERIPP and SHODAN search engines can easily find Internet-facing ICS devices, thus identifying potential attack targets. In fact, these search engines are being used to identify and access control systems over the Internet. Combining these tools with easily obtainable exploitation tools, attackers can identify and access control systems with significantly less effort than ever before, according to the ICS-CERT report.

Manufacturers should actually use those search engines to audit their own IP address space. A manufacturer that finds control system devices using these tools should take the necessary steps to remove these devices from direct Internet access as soon as possible.

Increased interest in ICS product security has resulted in a significant increase in product vulnerability reports. Security researchers and others have released tools exploiting vulnerabilities identified in these reports. These targeted exploits are readily available through various software tools and from exploit developers. Easy access to free or low cost exploit tools has dramatically lowered the skill level required for novice hackers and has likewise reduced the development time for advanced attackers.

While end users may or may not know the software they are running is vulnerable, they should be auditing their systems on a routine basis.

That is why, as a mitigation approach, ICS-CERT recommends manufacturers audit device configurations for Internet accessibility, regardless of whether they believe they have Internet-accessible devices. Control systems often have Internet-accessible devices installed without the owner’s knowledge, putting those systems at increased risk of attack.

Monday, February 20, 2012 @ 03:02 PM gHale

In a different use of application whitelisting, military computers will soon be configured to execute only administrator-approved software applications in certain areas of a computer, Pentagon officials said.

Whitelisting is a recommended best practice, but DoD and industry have lagged in adoption because of the staffing involved in adding and removing applications from the list, National Security Agency (NSA) officials said.


The Defense Department’s (DoD) version of “application whitelisting” focuses on where downloads can launch in a system. Officials think that will prove to be an inexpensive protection against downloads that antivirus programs fail to flag as threats.

“You can download it, but you can’t install it,” said Paul Bartock, a technical director for the Information Assurance Directorate at NSA, who helped develop the technique.

One weakness with even the best antivirus programs is they blacklist software only after determining it is malicious. Unknown worms do not get blocked. And hackers continuously tweak their code so it remains unknown.

However, NSA’s approach blocks every application from executing until a network administrator has approved, or whitelisted, it.

To save time, NSA created a way to grant applications access based on where they are trying to open in a system — for example, certain disk drives or directories. With typical whitelisting, an administrator has to change the list every time a developer releases a new patch or program update. Under NSA’s approach, administrators are able to focus their attention on fewer potential entry points for viruses, thus reducing the time involved in installing new applications.

Now, NSA is arranging for the baseline configurations of all new Defense computers to employ the tactic, said Eric Chudow, who works in the Information Assurance Directorate at NSA.

This method already has thwarted one type of worm that antivirus programs failed to catch.

“An email tried to install malware,” Chudow said. “On the newer baseline computers, the administrators could see this was malware,” but on the older models, “the antivirus wasn’t able to protect against it yet. Two weeks later, the antivirus vendors issued a signature for that particular piece of malware.”

Commercial whitelisting software can cost hundreds of thousands of dollars and require three full-time employees to change the list for every patch and upgrade. NSA officials were able to do the job without licensing special software. They used software-restriction features that come with most operating systems, along with an existing intrusion detection system, and then wrote some special permissions, officials said.

The project required monitoring the agency’s network about 20 hours a week for three months to make sure the new configuration was not obstructing important applications, officials added. For ongoing upkeep, they only needed an hour of attention per week.

Almost anyone, including home computer users and health technicians, can try the technique as this white paper shows.

Friday, February 17, 2012 @ 02:02 PM gHale

Palisades nuclear power plant is facing three violations for a “substantial safety significance” issue and two for a “low to moderate safety significance,” said Nuclear Regulatory Commission (NRC) officials.

The violations will result in additional NRC inspections and oversight of the Covert, MI-based facility.


The violation resulting in a substantial significance to safety relates to a Sept. 25 electrical fault caused by personnel at the site which resulted in a reactor trip, the loss of half of the control room indicators, and actuation of safety systems not warranted by actual plant conditions. This made the reactor trip more challenging for the operators and increased the possibility of a serious event occurring. The NRC conducted a Special Inspection and determined the plant failed to have adequate work procedures for the electrical panel maintenance work to ensure they successfully completed the job.

The violations resulting in a low to moderate significance to safety relate to a coupling failure in the service water system. The system consists of three motor driven pumps which provide cooling to safety related equipment such as containment air coolers and diesel generators. Last August one of the service water pumps failed due to cracking in one of the couplings. This was a repeat of a previous equipment failure that occurred in 2009. The NRC conducted a Special Inspection and later concluded the plant failed to prevent recurrence of the cracking condition and failed to completely consider the properties of the steel used in a past modification of the couplings.

After consideration of the information, the NRC staff has characterized the Sept. 25 violation as “yellow” or as a finding of substantial significance and the Aug. 9 violations as “white” or having a low to moderate safety significance. The NRC evaluates a nuclear plant’s performance with a color-coded process that classifies regulatory findings as green, white, yellow or red, in order of increasing safety significance.

The yellow and white inspection findings will place the plant in the “Degraded Cornerstone Column” of the NRC’s Action Matrix (also known as column 3) as of the fourth quarter of 2011.

This move in the action matrix will result not only in additional oversight at Palisades, but will also include an NRC supplemental team inspection to independently determine whether Palisades understands the root cause and contributing causes of the risk significance issues; has identified the extent of the condition and extent of cause; and has taken the appropriate corrective actions to prevent recurrence. In addition, the NRC will evaluate if the site considered whether any safety culture component caused or significantly contributed to the issues.

 
 