Posts Tagged ‘oil and gas’
Monday, April 8, 2013 @ 06:04 PM gHale
In a move to boost its presence in the energy business, General Electric Co. will pay $3.3 billion to acquire oilfield services provider Lufkin Industries Inc.
GE, the world’s biggest maker of jet engines and electric turbines, has expanded in the energy industry with a series of acquisitions of companies that make equipment used in oil and gas production.
The company has spent about $11 billion in acquisitions since 2007 to boost its presence in the oil and gas business, which is the conglomerate’s fastest-growing. That sector contributes about 10 percent of GE’s total revenue.
Lufkin will broaden GE’s artificial lift capabilities beyond electric submersible pumps.
Artificial lift refers to the use of external means to help lift hydrocarbons to the surface in reservoirs with low pressure, as well as to improve the efficiency of naturally flowing wells.
“The artificial lift segment is at the heart of critical changes that are helping producers maximize well potential, which translates into increased output at lower operational cost,” said Daniel C. Heintzelman, chief executive of GE Oil & Gas.
The global artificial lift sector should approach $13 billion in 2013, according to Spears & Associates, GE said.
Lufkin’s fourth-quarter profit beat analysts’ estimates on demand for its pumping equipment from companies operating in energy-rich shale fields such as Bakken and Eagle Ford, despite a slowdown in overall drilling activity.
However, the company estimated that a slow recovery in the stalled U.S. onshore drilling will dent profits this quarter.
The acquisition, which is for $2.98 billion and comes to $3.3 billion including debt, should close in the second half of 2013.
Monday, February 18, 2013 @ 12:02 PM gHale
French oil giant, Total, gave its version of the causes of the major North Sea natural gas leak, which shut down production on the company’s flagship Elgin-Franklin North Sea field for almost a year.
At the time of the leak, in March 2012, gas from the Elgin-Franklin complex accounted for about seven percent of British production.
The leak last March had been due to corrosion stress cracking caused by a reaction between grease on the threads of the well casing and bromine used in the fluid inside the well, said Patrice de Vivies, the company’s senior vice president for exploration and production for northern Europe.
In addition, a gas layer called Hod, which was 1,000 meters or about 3,300 feet above the Fulmar gas layer tapped by the well, unexpectedly began producing oil and gas, possibly because production of the lower layer affected it. He called this set of circumstances “unique.”
“It is impossible to forecast this type of incident,” de Vivies said.
Total evacuated 238 workers from the Elgin platform, about 240 kilometers or about 150 miles from Aberdeen in Scotland, after they found the leak. The platform serves a complex of fields. There was a danger the gas could catch fire, leading to a catastrophic incident. The well, known as G4, ended up plugged about two months later. The incident caused no injuries.
At the time of the shutdown, Elgin-Franklin was producing the equivalent of 140,000 barrels of oil per day in gas and liquids, making it a very large field.
De Vivies said the company had submitted plans late last year for restarting the field and it expected British authorities to accept them shortly. The company then plans to bring the field back online gradually, starting with four wells compared to 14 at the time of the incident. He said he expected production by year-end to be 70,000 barrels per day, or half of what it was at the time of the leak. By 2016, the company should take production levels above 140,000 barrels per day, he said.
Total had learned lessons from the leak in a field in which the gas is under high pressure and high temperature, and that the company would be more conservative about how it operated in the future, de Vivies said. He also said Total would share its findings with other companies to avoid a repeat of this type of incident.
Monday, December 31, 2012 @ 11:12 AM gHale
There are mitigation details available for a vulnerability that impacts the i-GEN opLYNX Central software, which could lead to a partial leakage of information and access to system settings, according to a report on ICS-CERT.
The mitigations address an authentication bypass vulnerability in the i-GEN Solutions opLYNX Central application.
Independent researcher Anthony Cicalla, who found the remotely exploitable vulnerability, tested the new version to validate it resolves the vulnerability. This vulnerability impacts the energy sector, mainly in Canada.
opLYNX versions 2.01.8 and prior all suffer from the issue.
Exploitation of this vulnerability could allow access to configuration settings and other information in the opLYNX Central application.
i-GEN Solutions Corp. is a Canada-based company that provides human-machine interface (HMI), supervisory control and data acquisition (SCADA), and plant historian software to oil and gas, pipelines, chemicals, utilities, and waste water management facilities around the world.
The affected product, opLYNX Central, is a Web-based application, which i-GEN Solutions said mainly sees deployment in the energy sector in Canada.
The i-GEN opLYNX Central system provides an interface for remote connections. Disabling JavaScript, which publicly available tools can do, bypasses authentication on the opLYNX Central interface. This allows a user to access configuration settings and other information. CVE-2012-4688 is the number assigned to this vulnerability, which has a CVSS v2 base score of 7.5.
An attacker with a low skill would be able to exploit this vulnerability with publicly available tools.
i-GEN Solutions released a new version, opLYNX 2.01.9, that resolves this vulnerability. The new version is applied automatically upon login.
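A sketch of the failure class the advisory describes, added here and not taken from opLYNX or the advisory: it assumes the login check ran only in browser script, which the page does not confirm. The handler names, cookie format and settings page are hypothetical.

```python
import hashlib
import hmac
import secrets

SECRET = secrets.token_bytes(32)  # server-side signing key (constructed)
SETTINGS_HTML = "<h1>Settings</h1><p>poll_interval=5s</p>"  # constructed page


def issue_session(user):
    """Return a signed session cookie value for an authenticated user."""
    mac = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{mac}"


def verify_session(cookie):
    """Return the user name if the cookie signature is valid, else None."""
    if not cookie or "." not in cookie:
        return None
    user, mac = cookie.rsplit(".", 1)
    expected = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(mac.encode(), expected.encode())
    return user if ok else None


def weak_settings_page(cookies):
    """Weak pattern: the protected content is always sent and only a
    script in the page decides whether the browser stays on it."""
    guard = ("<script>if(!document.cookie.includes('session='))"
             "location='/login'</script>")
    return 200, {}, guard + SETTINGS_HTML


def hardened_settings_page(cookies):
    """Hardened pattern: the server verifies the session before it
    renders anything, so no client setting changes the outcome."""
    if verify_session(cookies.get("session")) is None:
        return 302, {"Location": "/login"}, ""
    return 200, {}, SETTINGS_HTML


def exposed_without_scripts(handler):
    """Regression check: does a client that sends no session and never
    runs scripts still receive the protected content?"""
    status, _headers, body = handler({})
    return status == 200 and SETTINGS_HTML in body


if __name__ == "__main__":
    print("weak handler exposed:", exposed_without_scripts(weak_settings_page))
    print("hardened handler exposed:",
          exposed_without_scripts(hardened_settings_page))
```

The `exposed_without_scripts` check is the part worth keeping in a test suite: it asserts on what the server sends, independent of anything the browser is expected to do.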
Monday, December 10, 2012 @ 02:12 PM gHale
The main goal behind the Shamoon attack against Saudi Aramco was to take down the production of oil and gas in Saudi Arabia, a high level executive with the oil giant said Sunday.
The cyber attack against the world’s largest oil company in August damaged 30,000 computers, but was really supposed to stop oil and gas production, said Abdullah al-Saadan, Aramco’s vice president for corporate planning.
Thanks to a solid defense in depth program installed by the integration unit, the attack on Saudi Arabia’s national oil company Saudi Aramco — which supplies a tenth of the world’s oil — failed to disrupt production. The attack though was one of the most destructive hacker strikes against a single business. Shamoon also hit natural gas giant, RasGas of Qatar.
“The main target in this attack was to stop the flow of oil and gas to local and international markets and thank God they were not able to achieve their goals,” al-Saadan said on Al Ekhbariya television.
Hackers from a group called Cutting Sword of Justice claimed responsibility for the attack, saying their motives were political and the virus gave them access to documents from Aramco’s computers, which they threatened to release. No documents have yet been published.
Aramco and the Saudi Interior Ministry are investigating the attack. A ministry spokesman, Maj. Gen. Mansour al-Turki, said the attackers were an organized group operating from countries on four continents.
The virus, Shamoon, infected workstations on Aug. 15. The company shut its main internal network for more than a week. General Turki said the investigation had not shown any involvement by Aramco employees. He said he could not give more details because the investigation was not complete.
Shamoon spread through Aramco’s network and wiped computers’ hard drives clean. Aramco said damage was limited to office computers and did not affect systems software that might harm technical operations.
Two former senior CIA officials first alerted ISSSource that the culprit in the attack was Iran working with personnel inside Aramco’s computer center. They said the Saudi regime is investigating the attack and is arresting suspects like operating staff, janitors, office people, and cargo handlers.
CIA sources said the attack was the work of a disgruntled Shiite insider (or insiders) that had full access to the system.
Richard Stiennon at IT-Harvest, a firm that tracks and reports on evolving cyber threats, told ISSSource 30,000 computers ended up scrambled and Iran was the perpetrator. He said Iranian-trained hackers launched the attack “in deep wrath” because of the mistreatment of the Shiites at the facility, and in Syria and Bahrain — two countries where the Saudi government has reportedly aided Sunni factions in their struggle with the Alawite-dominated regime and the Shiite majority, respectively.
The Aramco attack and the attack on RasGas, a major Qatar gas works, and other energy companies over the summer were in retaliation for the U.S.-Israeli developed Stuxnet virus that infected thousands of Iran’s nuclear program centrifuges, and as payback for the severe U.S.-imposed sanctions that have sent the Iranian economy into a tailspin, the CIA sources said.
This story was compiled from a series of reports on ISSSource and Reuters.
Tuesday, October 30, 2012 @ 10:10 AM gHale
Germany just overtook the U.S. when it comes to email users getting the most malicious email messages.
Germany topped the chart with 13.87% of malicious mail directed at its users, followed by Spain (7.43%), Russia (6.85%), India (6.39%), Vietnam (5.95%), Australia (5.94%), China (5.80%) and the U.S (5.62%), according to a report on September’s spam by Kaspersky. The U.S. had led the chart for the previous eight months.
Kaspersky said 3.4% of all emails contained malicious files, a drop of 0.5 percent compared to the previous month. Germany saw a six percentage point rise in its detections and Spain saw a four percent rise, while the United Kingdom’s share dropped two percent to 4.67%.
It was also a month for drastic changes in the top ten malware detected by Kaspersky. Long-term leader “Trojan-Spy.HTML.Fraud.gen” fell out of the top ten completely, giving its top spot to “Backdoor.Win32.Androm.kv” (aka Backdoor.Trojan and PWS-Zbot.gen.ana), a backdoor Trojan which enables remote access, found in 6.32% of the malicious emails. Right behind was “Email-Worm.Win32.Bagle.gt”, an email address harvester and malicious program downloader, and then the “Email-Worm.Mydoom.m” and “Mydoom.l” email address harvesters. Also in the top ten were four ransomware Trojans.
Of the spam that didn’t have malicious programs attached, Kaspersky noted a rise in mails with an oil and gas theme, such as bogus lottery mails apparently from Russian energy companies Gazprom and Lukoil.
They also noted an increase in spam pointing users at infected coupon sites with good imitations of legitimate Groupon mailings, the appearance of Michelle Obama’s name in lottery email which claims to come from the “World Wide Web Owner” and mass English-language mailings of the controversial film “The Innocence of Muslims” which lacked the expected malicious attachments or dangerous links.
Overall, spam levels grew by 2.3 percentage points from August to reach 72.5% of all email traffic, and phishing mails tripled, to reach 0.03%.
Wednesday, August 8, 2012 @ 04:08 PM gHale
During the past decade, oil refineries in Wyoming have leaked, sprayed silica catalyst and billowed poisonous orange clouds over neighborhoods.
In addition, there have been fires, which have injured at least seven Wyoming workers.
That all has to change.
That is why this past Tuesday, representatives from all five of Wyoming’s refining companies went to Casper to meet with Gov. Matt Mead, his staff and officials from Wyoming Occupational Safety and Health Administration (OSHA), with a plan to form an industry alliance to improve workplace safety at the state’s refineries.
In keeping with Wyoming’s approach to safety and the oil and gas, mining and construction industries, the refining industry alliance would be a voluntary effort bolstered by support from the state that would identify safety challenges, set best practices, work with Wyoming OSHA in a consultation capacity rather than rely on tougher corrective and punitive actions.
“It will be your organization. … All I’m saying is we are here to offer any help, whether it’s data we can share or whatever. We’re not here to tell you what to do,” said former judge Gary Hartman, policy advisor to Gov. Mead.
This voluntary approach was the genesis of the Wyoming Oil and Gas Industry Safety Alliance (WOGISA).
“I found your investigators were really professional and their focus was to help us, and not just there for a gotcha (investigation). … So we’re really interested in a partnership with OSHA,” Silver Eagle Refining Inc.’s general manager Jerry Lockie told one OSHA official Tuesday.
Lockie added after dealing with some serious issues at the refinery, management is committed to “completely revamp” the culture of safety at the refinery.
“I’m encouraged that they are eager to get on board with this,” Mead said.
Even before any real collaboration began, the group of refining officials identified two main safety challenges: power outages are too frequent, and Wyoming OSHA is lacking in consultation personnel specializing in “process safety management.”
“If there’s anything we can do to help you (Mead’s staff) to get more (process safety management resources), we’ll help,” one refinery official promised.
Just this past weekend the refinery at Sinclair reported two accidents, including one that sent one worker to the hospital.
Tuesday, July 24, 2012 @ 08:07 PM gHale
Siemens produced a patch to fix the DLL hijacking vulnerability in SIMATIC STEP 7 and SIMATIC PCS 7 software.
Previous versions of SIMATIC STEP 7 and PCS 7 allowed the loading of malicious DLL files placed in the STEP 7 project folder, which an attacker could use to hit the system. This vulnerability is remotely exploitable, and attackers are targeting it.
The following Siemens products and versions suffer from the issue:
• SIMATIC STEP 7 versions prior to V5.5 Service Pack 1 (5.5.1 equivalent)
• SIMATIC PCS 7 versions before and including V7.1 SP3
An attacker could execute arbitrary code by exploiting this vulnerability.
Siemens SIMATIC STEP 7 and PCS 7 software configures and manages Siemens SIMATIC S7 PLCs. Siemens SIMATIC S7 PLCs see use in a variety of industrial applications worldwide, including energy, water and wastewater, oil and gas, chemical, building automation, and manufacturing.
SIMATIC STEP 7 supports the loading of DLL files in STEP 7 project folders, which an attacker can use against systems using STEP 7. An attacker can place arbitrary library files into STEP 7 project folders that will load on STEP 7 startup without validation. The code will execute with the permissions of the STEP 7 application. CVE-2012-3015 is the number assigned to this vulnerability, which has a CVSS v2 base score of 6.9.
An attacker with a medium skill level would be able to exploit this vulnerability.
Siemens provided the STEP 7 software update V5.5 SP1 (equivalent to V5.5.1) that resolves the vulnerability, but recommends installing the latest Service Pack, V5.5 SP2, as soon as possible.
The updates implement a mechanism that rejects DLLs in the STEP 7 project folders that contain executable code, thus preventing unintended execution of unchecked code.
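For sites that receive project folders from outside, the same idea can be applied as an audit before a project is opened. The following is an added example, not Siemens code and not the mechanism of the update: it walks a project tree and reports every file whose content is a Windows PE image, whatever its extension. The sample tree and file names are constructed.

```python
import os
import struct
import tempfile


def is_pe_image(path):
    """True if the file starts with an MZ header whose e_lfanew field
    (offset 0x3C) points at a 'PE\\0\\0' signature."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False  # unreadable files are skipped, not reported


def find_pe_files(project_root):
    """Return the relative paths of all PE images under project_root.
    Detection is by content, so a renamed library is still reported and
    a text file that merely ends in .dll is not."""
    hits = []
    for dirpath, _dirs, files in os.walk(project_root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_pe_image(full):
                rel = os.path.relpath(full, project_root)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def demo():
    """Build a constructed project tree and audit it."""
    # Smallest byte string that passes the header check (constructed,
    # not a loadable library).
    pe_stub = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
    sample = {
        "helper.dll": pe_stub,        # library by name and content
        "sub/data.bin": pe_stub,      # library hidden behind another name
        "notes.dll": b"plain text",   # .dll name, no executable content
        "project.cfg": b"name=demo",  # ordinary project data
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, content in sample.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(content)
        return find_pe_files(root)


if __name__ == "__main__":
    for path in demo():
        print("executable content in project folder:", path)
```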
Tuesday, May 1, 2012 @ 03:05 PM gHale
By Nate Kube
Though it’s critical to accurately identify vulnerabilities in process control networks and devices, a chief executive or management team will likely question the additional investment in robustness testing.
At first glance, what they often don’t recognize is that additional investment will end up improving the bottom line.
Robustness testing provides insight into how environments perform under stress; it goes the extra mile beyond requirement specifications to ensure control systems exceed specifications in emergencies.
National Aeronautics and Space Administration (NASA) and U.S. Department of Defense (DoD) reports indicate over half of the bugs found in deployed devices directly relate to a lack of robustness testing. Now, with resources in short supply, developers cannot afford to go back and fix flaws that should never have shipped.
Even assuming there are extra resources to troubleshoot after the fact, the challenges of critical infrastructure testing are more significant. For instance, rebooting a PC can cause a minor disruption; rebooting a nuclear power plant has broader implications.
Defining Robustness Testing
The Institute of Electrical and Electronics Engineers (IEEE) defines robustness as “the degree to which a system or component can function correctly in the presence of invalid inputs or stressful environmental conditions.” Having a properly functioning system, despite the unpredictable, is essential in the industrial control systems world in order to “keep the lights on.”
Overlooking Robustness Testing
Quite a few DoD programs engage in what has been called “happy-path testing,” in other words only showing that the system maintains functional requirements, according to a DoD assessment report. While this type of testing is essential, additional tests to ensure the system handles errors and failures appropriately are often neglected. The reliance on “happy-path testing” underscores that control system failure in the field is often due to a lack of robustness.
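The difference between happy-path and off-nominal testing, as an added example that is not from the article or any product: two parsers for a hypothetical control frame (sync byte, length, payload, one-byte checksum) both pass the happy-path test, and only a suite of truncated and corrupted frames separates them. The frame format and all names are assumptions made for illustration.

```python
class FrameError(ValueError):
    """Controlled rejection of a malformed frame."""


SYNC = 0xA5


def build_frame(payload):
    """Hypothetical frame: SYNC, length, payload, sum(payload) mod 256."""
    return bytes([SYNC, len(payload)]) + payload + bytes([sum(payload) & 0xFF])


def parse_naive(buf):
    """Written against the happy path only: trusts every field."""
    length = buf[1]
    payload = buf[2:2 + length]
    _checksum = buf[2 + length]  # read but never verified
    return payload


def parse_robust(buf):
    """Validates size, sync, declared length and checksum before use."""
    if len(buf) < 3:
        raise FrameError("too short")
    if buf[0] != SYNC:
        raise FrameError("bad sync byte")
    length = buf[1]
    if len(buf) != length + 3:
        raise FrameError("length field does not match frame size")
    payload = buf[2:2 + length]
    if sum(payload) & 0xFF != buf[-1]:
        raise FrameError("bad checksum")
    return payload


def off_nominal_cases(valid):
    """Every truncation, every single-byte corruption, one trailing byte.
    For this frame format each case is invalid and must be rejected."""
    cases = [valid[:n] for n in range(len(valid))]
    cases += [valid[:i] + bytes([valid[i] ^ 0xFF]) + valid[i + 1:]
              for i in range(len(valid))]
    cases.append(valid + b"\x00")
    return cases


def run_suite(parser, valid):
    """Classify the parser's behaviour on each off-nominal frame."""
    tally = {"rejected": 0, "accepted": 0, "crashed": 0}
    for case in off_nominal_cases(valid):
        try:
            parser(case)
            tally["accepted"] += 1   # bad data passed on as good
        except FrameError:
            tally["rejected"] += 1   # the only correct outcome
        except Exception:
            tally["crashed"] += 1    # uncontrolled failure
    return tally


VALID = build_frame(b"\x01\x02\x03")  # constructed sample frame

if __name__ == "__main__":
    for parser in (parse_naive, parse_robust):
        print(parser.__name__, "happy path ok:", parser(VALID) == b"\x01\x02\x03")
        print(parser.__name__, run_suite(parser, VALID))
```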
Although vendors’ solutions meet user requirements for particular installations, users may not be able to quantify the level of robustness required for specific installations. At present, most industrial control equipment manufacturers and software developers are limited in their ability to rigorously test new products for possible security flaws because of the lack of available tools.
As a result, new vulnerabilities are discovered each year, but only after the products are sold and installed by the end user. This is particularly true of control and SCADA systems used in critical infrastructures such as the oil and gas, water, and electrical generation/distribution industries. Standard information technology (IT) vulnerability testing does not typically address the unique resources and timing constraints of critical control systems or the specialized protocols used.
As business and technology continue to drive toward more open and connected networks, mission critical systems – including those used in the control of power generation, oil and gas production, water treatment and transportation – are becoming increasingly vulnerable to cyber attacks that penetrate or bypass perimeter defenses (e.g. firewalls).
Yet, how does one measure and assess something that doesn’t necessarily happen? Additional testing is a tough sell for management if the current testing regimes appear successful. How and why can one build a case for an expanded testing capability or continued diligence?
Dollars and Sense
NASA leads the industry in computer usage and complex systems. They advise robustness testing through usage of off-nominal cases. NASA believes a methodology able to test for off-nominal cases (i.e., hardware and software failures) during design, and the earlier test stages, could avoid over one-half of all failures and over two-thirds of the failures in the most severe classifications.
For a quick rubric:
1. Make an estimate of the additional costs you’ve incurred over the last year due to robustness failures of your systems in the field.
2. Multiply that figure by .50 to get the low end of the range and by .66 to get the high end of the range.
Although this can quickly determine the value of pursuing a course of action, this may not be enough to persuade management to make additional robustness testing investments.
Fortunately, several valuation models can aid in putting a dollar amount on security costs. Carnegie Mellon University, for the U.S. Department of Homeland Security, published a paper that compares 13 different models for assessing the cost and value of software assurance. They found several features common to each model and categorized the models into four types: cost-based, investment-based, quantitative estimation and environmental/contextual. A follow-up paper from the same source organized its approach specifically around the Balanced Scorecard model. The Balanced Scorecard is widely used; one major explanation for its success (and for the success of all quantitative methods) is data. Before embarking on any effort to quantify the cost of robustness testing, an organization must have metrics in place and data collected and validated.
Budgets are shrinking and threats are increasing. Times are difficult with economic hardships, but security cannot be compromised. Companies have the capability to increase the robustness of their systems to reduce the time to market and produce a quality product while decreasing overall costs.
Protecting critical infrastructure and “keeping the lights on,” is the singular aim of any robustness test. Robustness testing is not just important, it is essential. This expands from the plant floor to every point where an organization’s system is touched by the Internet.
As more devices become Ethernet-enabled in the control systems world, we can no longer depend on “security through obscurity.” Everyone needs to be confident that implemented security solutions function effectively under known as well as unexpected conditions.
Nate Kube founded Wurldtech Security Technologies in 2006 and as the company’s Chief Technical Officer is responsible for strategic alliances, technology and thought leadership.
Thursday, January 26, 2012 @ 02:01 PM gHale
There are cross-site scripting (XSS) and write access violation vulnerabilities in the Ocean Data Systems Dream Report application.
ICS-CERT coordinated these vulnerabilities with Ocean Data Systems, which has produced a new version that resolves the vulnerabilities. Researchers Billy Rios and Terry McCorkle, who found the holes, have tested the new version to confirm it resolves the vulnerabilities.
Dream Reports versions prior to Version 4.0 all suffer from the vulnerability, an Ocean Data Systems official said.
Successful attacks could result in data leakage, denial of service, or remote code execution.
Ocean Data Systems is a France-based company that focuses on reporting software for control systems. Dream Report deploys across several sectors including manufacturing, building automation, oil and gas, water and wastewater, healthcare, and electric utilities. Ocean Data Systems said these products see use mainly in France, Switzerland, United Kingdom, Israel, United States, and Germany.
An XSS vulnerability exists in the Ocean Data Dream Report application due to the lack of server-side validation of query string parameter values. Exploitation of this vulnerability requires that a user visit a specially crafted URL, which injects client-side scripts into the server’s HTTP response to the client. CVE-2011-4038 is the number assigned to this vulnerability.
The write access violation vulnerability requires a user open a specially crafted file. This may result in arbitrary code execution. CVE-2011-4039 is the number assigned to this vulnerability.
The XSS vulnerability is remotely exploitable. The write access violation is not remotely exploitable, and an attacker cannot exploit it without user interaction. The exploit can occur when a local user runs the vulnerable application and loads a malformed file.
An attacker with a low skill level can create the XSS exploit. Crafting a working exploit for the access violation vulnerability would be difficult. An attacker would need social engineering to convince the user to accept the malformed file. Additional user interaction must occur to load the malformed file.


