So, a very limited state of emergency which allows fuel that is ordinarily piped to be transported by truck.
Ancillarily, It's not evident this cyberattack actually compromised the industrial controls, but rather trashed the administrative system controlling the controls.
> It means drivers in 18 states can work extra or more flexible hours when transporting gasoline, diesel, jet fuel and other refined petroleum products.
This means truck drivers hauling 45,500+ lbs of an extremely flammable liquid aren't required to sleep.
I worked in the supply chain industry for a few years, dropping these restrictions is unheard of. My instinct tells me this issue is a lot worse than it seems now.
Armchair take: The pipelines handle a lot of fuel, and the US needs / uses a lot of fuel; to move the same amount, you need a lot of trucks. And if that need is not met, the economy etc will be disrupted heavily, price of fuel will go up, and the price of fuel going up has caused massive issues in the past.
Last time I checked the amount of sleep I need doesn't go down when an oil pipeline stops flowing.
It's offloading the risk to drivers to benefit these companies first and foremost, which is ridiculous. The cherry on top is the article pointing out even with the extra hours they won't be anywhere near meeting demand...
No, that part of the regulations (the 10 hour break requirement) specifically does not get suspended in an emergency, if I recall correctly, but federal qualifications for new drivers do, so maybe someone otherwise hauling oranges from Florida might drive a tanker while the normal driver has a day off. Plus, this is only federal law; state laws still apply, and it is state troopers who pull you over, not feds.
I don't think so. These drivers need more specialized training, and the type of equipment they haul is different. Plus I'd imagine your mindset is different when you have a swimming pool's amount of oil a few feet behind you compared to a bunch of toilet paper or whatever.
Everyone here is failing to read between the lines.
Nobody in trucking gripes about limited working hours. The current hours per week available for work are more than enough to work at an unsustainable rate of sleep. What everyone bitches about is the electronic logging requirements that prevent them from cooking the books in order to account for delays that happen over the normal course of business. Because people can no longer cook the books they do other things that increase risk.
For political and optical reasons the DOT can't exempt them from e-logs to make their lives easier. So they just exempt them from all of it. They're basically saying "if you're gonna push yourselves we'd rather you cut the smart corner and work a 12hr day than drive around like maniacs trying to fit X hours of driving in a Y hour window."
Absolutely they do, but with the pipeline down its a volume and distance issue.
Normally the pipeline would pump huge amounts of fuel around to various distribution centers where trucks and tankers would then haul it the last leg to e.g. gas stations and other end users. Now there will be far fewer distribution centers to pick up the load from, and much longer distances to drive to deliver the product.
Naturally a pipeline has much greater capacity than a string of trucks, not to mention the impacts on traffic and safety concerns that go with pushing the truck drivers that far. The limited number of distribution points with the pipeline offline will probably have a logistical impact as well since there will be an imbalance re: how many trucks are arriving to get filled up.
It's interesting to consider the human link between the admin systems and industrial control systems here. If we assume the controls are on an airgapped network, the attackers, in some sense, jumped the airgap and shutdown the pipeline.
Obviously not as bad as an actual compromise of the control systems though, which presumably could cause leaks, explosions, etc.
Generally the controls are firewalled from the administrative/business systems, not air-gapped.
Production data (like gallons per minute of flow through the pipeline) must be sent from the controls to the business analytics software. That's generally done through a firewall over TCP/IP.
I've seen systems where data is sent via UDP and the physical connection was transmit-only (for example, only the transmit fiber plugged in to the port) to avoid potential firewall exploitation.
Often that kind of reporting data is delivered back via a “data diode” unidirectional network. That said, there is usually just a dmz between biz and prod to enable remote support of the controls system (ala the Purdue model), and not any real air gap.
They likely could have kept running the pipeline without incident.
I imagine when the government stepped in they decided to dial their procedures up to 10 and they plan on making an example out of this incident and the perpetrators.
> James Chappell, co-founder and chief innovation officer at Digital Shadows, believes DarkSide bought account login details relating to remote desktop software like TeamViewer and Microsoft Remote Desktop.
Once they get in to the internal network, they could possibly have access to anything. Most organizations don't follow good practices for internal services and there's all kinds of unauthenticated crap that's accessible to anyone who knows where to look.
If its really a ransomware attack, they could have taken over some internal system, or maybe just locked out remote access. We will need to know more, but at first glance it doesn't look very good.
Ancillarily, It's not evident this cyberattack actually compromised the industrial controls, but rather trashed the administrative system controlling the controls.