Showing posts with label oil & gas. Show all posts

Oil & Gas and Power Grids Have New "Cause for Concern" from Hackers

A report released in June by the security firm Dragos describes a worrisome development involving a hacker group named “Xenotime”: at least two dangerous oil and gas intrusions and ongoing reconnaissance on United States power grids.

Multiple ICS (Industrial Control Systems) sectors now face the XENOTIME threat; this means individual verticals – such as oil and gas, manufacturing, or electric – cannot ignore threats to other ICS entities because they are not specifically targeted.


The Dragos researchers have termed this threat proliferation the world’s most dangerous cyberthreat since an event in 2017, when Xenotime caused a serious operational outage at a crucial site in the Middle East.

What concerns cybersecurity experts the most is that the attack used malware that targeted the facility's safety processes (SIS – safety instrumented system).

For example, when temperatures in a reactor increase to an unsafe level, an SIS will automatically start a cooling process or immediately close a valve to prevent a safety accident. SIS safety systems combine hardware and software to protect facilities from life-threatening accidents.

At this point, no one is sure who is behind Xenotime. Russia has been connected to one of the critical infrastructure attacks in Ukraine. That attack was viewed to be the first hacker-related power grid outage.

This is a “Cause for Concern” post that was published by Dragos on June 14, 2019.

“While none of the electric utility targeting events has resulted in a known, successful intrusion into victim organizations to date, the persistent attempts, and expansion in scope is cause for definite concern. XENOTIME has successfully compromised several oil and gas environments which demonstrates its ability to do so in other verticals. Specifically, XENOTIME remains one of only four threats (along with ELECTRUM, Sandworm, and the entities responsible for Stuxnet) to execute a deliberate disruptive or destructive attack.

XENOTIME is the only known entity to specifically target safety instrumented systems (SIS) for disruptive or destructive purposes. Electric utility environments are significantly different from oil and gas operations in several aspects, but electric operations still have safety and protection equipment that could be targeted with similar tradecraft. XENOTIME expressing consistent, direct interest in electric utility operations is a cause for deep concern given this adversary’s willingness to compromise process safety – and thus integrity – to fulfill its mission.

XENOTIME’s expansion to another industry vertical is emblematic of an increasingly hostile industrial threat landscape. Most observed XENOTIME activity focuses on initial information gathering and access operations necessary for follow-on ICS intrusion operations. As seen in long-running state-sponsored intrusions into US, UK, and other electric infrastructure, entities are increasingly interested in the fundamentals of ICS operations and displaying all the hallmarks associated with information and access acquisition necessary to conduct future attacks. While Dragos sees no evidence at this time indicating that XENOTIME (or any other activity group, such as ELECTRUM or ALLANITE) is capable of executing a prolonged disruptive or destructive event on electric utility operations, observed activity strongly signals adversary interest in meeting the prerequisites for doing so.”

White Paper: Breakthrough Solenoid Valve Technology for Upstream Oil and Gas Heating Equipment

Low-temperature stainless steel fuel shutoff valves are usually utilized for on/off control of fuel gas within gas fuel trains in process heating system burners. These systems are widely used by oil and gas firms as well as by original equipment manufacturers (OEMs) that produce gas heating equipment or burner management systems (BMSs) and controls in upstream oil and gas pipelines and tanks.

In recent years, a new generation of solenoid valve technology has been changing the shutoff valve game. Their modern designs provide pipeline and tank heating systems with robust, durable performance; safety; and regulatory compliance — all while increasing efficiency and productivity.

Many operators in North America and beyond are moving away from using pneumatically operated shutoff valves on their pipelines and tank heaters. They’re replacing them instead with valves introduced within the last decade by a few manufacturers — all based on solenoid shutoff valve technologies. White paper courtesy of ASCO.


Automation Federation, Oil & Gas and DHS Work Together for Cybersecurity

The Oil & Gas industry explores, extracts, and delivers vital energy via a finely-tuned network of worldwide control systems. These systems used to be isolated proprietary systems, but they're now connected to the Internet just like so many of our other critical infrastructures, and are now susceptible to the same vulnerabilities that we see reported on a daily basis.

Since 2006 the Automation Federation has been the Host Organization for LOGIIC (Linking Oil and Gas Industry to Improve Cybersecurity). This has been a successful collaboration between the Automation Federation, the Department of Homeland Security, and the members of LOGIIC.

Over the past decade, the LOGIIC consortium has designed tools and techniques to protect critical systems on a global scale, from research & development through practical implementation. LOGIIC is a visionary project. It was one of the first of its kind to include partners that would normally compete against each other. LOGIIC is about collaborating in cyber security.


The Cyber Security Division of the DHS Science & Technology Directorate leads an ongoing consortium that began with a single partner in 2004 and now includes five major oil & gas companies and the Automation Federation, supported by world-class vendors and research organizations. It's a global engagement with global impact on cyber security. LOGIIC is one team. It's important to be international because a threat does not come from one country or another.

Since its inception, LOGIIC has successfully completed eight major projects, with plans for many more. Upon completion of selected projects, LOGIIC delivers public reports to help elevate best practices across the entire industry. Both the member companies and the government are putting funds towards these projects, which benefit not only the private sector but also the public interest. Companies are applying these learnings within their organizations, because it helps bridge the gap between information technology and the industrial-environment sides of the organization.

The lessons learned through the LOGIIC projects allow the rollout of higher-level cyber security and protection across all the industries. DHS is a key contributor to LOGIIC and to the success of the projects year after year. In addition to providing that technical expertise and environments such as labs and research institutes, they’re able to conduct substantial testing, and act as a conduit to make it all happen. LOGIIC started as a new model and a vision. Members came to the table, bought into the vision, and now LOGIIC is delivering real results to protect the modern industrial infrastructure.

To recognize the success of LOGIIC, DHS has released a video that features the efforts of LOGIIC. You can see the video here on the Ives Equipment Community Page.