Pipeline cyberattack

The saga Sentryo Files: Industries vs. Cyberattacks continues… In our last episode, we talked about the hijacking of a connected car in 2015. In episode 2, we turn to the pipeline cyberattack.

Cyberattack on the BTC pipeline

The cyberattack carried out in 2008 on the BTC oil pipeline on Turkish soil caused an explosion that ignited a fire which blazed for over 20 days. In the process, a million dollars in material and revenue were lost. The Kurdistan Workers’ Party (PKK), in conflict with Turkey since 1984, claimed responsibility for the attack.

How was the pipeline cyberattack carried out?

The authors of this cyberattack, driven by political motivations, first took control of the surveillance camera network. According to Philippe Davadie (Director of external relations at the French Ministry of the Interior’s Center for Advanced Studies-CHEMI), this network can be considered an IT orphan: long-standing technology that, although essential to the company, is overlooked, especially in terms of security.

The surveillance camera network installed along the pipeline was vulnerable and linked to the surveillance center via the internet. The attackers were able to exploit these vulnerabilities and penetrate the technical control system to access the alarm management server. After deactivating the alarms and all means of communication with local teams (by interfering with wireless communication), they took control of the industrial systems and created an overpressurization in the pipeline, which resulted in an explosion.

Unfortunately, it took 40 minutes for the surveillance center to find out about the explosion because the notification had to be sent by a technician near the site.

The BTC pipeline
The Baku–Tbilisi–Ceyhan pipeline runs through Azerbaijan, Georgia and Turkey. It spans 1,774 km and transports crude oil from the Caspian Sea to the Mediterranean.

How could the pipeline have been protected from this cyberattack?

Industrial companies must come to terms with the importance of implementing measures to protect their networks and infrastructures from this type of attack.

Verifying the availability of surveillance equipment is necessary for ensuring the cybersecurity of industrial information systems (IS). The lack of response from an alarm system is already in and of itself an incident. In addition, securing physical points of entry is essential for the security of industrial IS.
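An added example, not taken from the original article or the Clusif reports: a minimal check that treats silence from monitoring equipment as an incident, as the paragraph above describes. The device names, silence limits, heartbeat log format and severity policy are assumptions, and the sample log is constructed.

```python
# Expected sources: id -> (kind, max tolerated silence in seconds). Assumed values.
EXPECTED = {
    "cam-km12": ("camera", 60),
    "cam-km13": ("camera", 60),
    "alarm-srv": ("alarm", 30),
    "radio-gw": ("comms", 30),
}

# Constructed heartbeat log, one "<epoch_seconds> <source_id>" per line.
SAMPLE_LOG = """\
1000 cam-km12
1000 cam-km13
1005 alarm-srv
1005 radio-gw
1060 cam-km12
"""

def parse_heartbeats(log):
    """Return {source_id: latest timestamp}; skip malformed or unknown lines."""
    last_seen = {}
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[1] not in EXPECTED:
            continue
        try:
            ts = float(parts[0])
        except ValueError:
            continue
        last_seen[parts[1]] = max(ts, last_seen.get(parts[1], ts))
    return last_seen

def silent_sources(last_seen, now):
    """List (source, kind, seconds_silent) for each source past its limit.

    A source that never reported counts as silent forever (inf)."""
    findings = []
    for source, (kind, limit) in EXPECTED.items():
        silent_for = now - last_seen.get(source, float("-inf"))
        if silent_for > limit:
            findings.append((source, kind, silent_for))
    return findings

def severity(findings):
    """Assumed policy: any silence is an incident; silence across more than
    one kind of equipment at the same time is critical."""
    kinds = {kind for _, kind, _ in findings}
    return ("ok", "incident", "critical")[min(len(kinds), 2)]

if __name__ == "__main__":
    found = silent_sources(parse_heartbeats(SAMPLE_LOG), now=1070)
    print(severity(found), found)
```

The check only helps if it runs somewhere that does not depend on the equipment it watches, so that losing the alarm server or the radio link cannot also silence the monitor.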

The following measures can protect you from this type of attack:

  • Diversification of surveillance methods;
  • Hardening of industrial systems and control over physical points of entry;
  • Separation of systems;
  • Upgrading the security of equipment (vulnerable cameras and servers, for example).

This was a wide-reaching and serious attack, and one example among others of the cyberattacks increasingly targeting industrial infrastructures year after year. The BTC pipeline, the oil company Aramco in 2012 and the Ukrainian electric grid in 2015… These malicious acts prove that it is high time to secure industrial networks.

Sources: reports drafted by the SCADA work group of the French Information Security Club (Clusif) in 2017.