Offshore Drilling Rigs Vulnerable To Hackers 116
Hugh Pickens writes "Foreign Policy magazine reports that a research team from the SINTEF Group, an independent Norwegian think tank, has warned oil companies worldwide that offshore oil rigs are highly vulnerable to hacking as they shift to unmanned robot platforms where vital operations — everything from data transmission to drilling to sophisticated navigation systems that maintain the platform's position over the wellhead — are controlled via wireless links to onshore facilities. 'The worst-case scenario, of course, is that a hacker will break in and take over control of the whole platform,' says Martin Gilje Jaatun, adding that it hasn't happened yet, but computer viruses have caused personnel injuries and production losses on North Sea platforms. The list of potential cyberattackers includes ecowarriors aiming to jack up an oil firms' production costs, extortionists drawn to oil firms' deep pockets, and foreign governments engaging in a strategic contest for ever-more-scarce global oil reserves, says Jeff Vail, a former counterterrorism and intelligence analyst with the US Interior Department. 'It's underappreciated how vulnerable some of these systems are,' says Vail. 'It is possible, if you really understood them, to cause catastrophic damage by causing safety systems to fail.'"
Re:Astounding (Score:2, Interesting)
The idea is to have something that people can maintain in the future. Maybe they didn't make the best of platform/language choices but there wasn't much else available at the time and the goal was the right one.
At least Windows is still around and can probably still run that app. If they'd chosen the "best" platform available on consumer hardware back then (maybe OS/2...) they'd have been just as badly off in the long term as if they'd stuck with MS-DOS.
Re:SINTEF is no "think tank" (Score:1, Interesting)
And like Fraunhofer they are involved in several fields. One of them is creating some of the software systems at risk.
I think what the SINTEF guy is saying is: "My coworkers in the floor above my office (SINTEF Petroleum Research) doesn't know how to create secure software." If anything goes wrong in the Integrated Operations projects SINTEF is involved in Martin can say "I told you so!"
http://www.sintef.no/Home/Information-and-Communication-Technology-ICT/Software-Engineering-Safety-and-Security/Research-groups/Information-Security/Information-security-in-integrated-operations/
http://www.sintef.no/Home/Information-and-Communication-Technology-ICT/Software-Engineering-Safety-and-Security/Projects/IO-SFI/
Let's have a heated discussion on Slashdot about this internal issue!
Re:Hack The Planet (Score:2, Interesting)
Where it the article... (Score:3, Interesting)
... does it say they used Windows? At a recent conference on software safety and security, I heard a presentation on this topic that indicated that a lot of these incidents are like the one quoted in the article - a disgruntled employee or ex-employee with knowledge of how the system works, hacks into the wireless control network, and causes damage by incorrectly operating valves or altering sensor readings, causing an inappropriate reaction by the system. The example quoted was a water treatment facility that was part of a resort complex in Australia. Like this example, one of the contractors that installed the wirelessly operated system was disgruntled over not getting a permanent job. So he showed up outside the facility with a wireless equipped laptop, gained access to the system, and caused raw sewage to be discharged into the environment. He did this repeatedly before being caught. But this had nothing whatsoever to do with Windows.
Given that the article provides no examples, I take the line about "computer viruses causing injuries and production losses" with a huge grain of salt. I'd bet the mortgage payment that what really happened is that computer viruses in non-essential, but Windows based systems caused economic damages by deleting or altering financially significant data.