In his testimony Friday, Michael Williams, the chief electronics technician aboard the Transocean-owned Deepwater Horizon, said that the rig’s safety alarm had been habitually switched to a bypass mode to avoid waking up the crew with middle-of-the-night warnings. During that interview, Michael also said that the computer that monitored the drilling operations on the Deepwater Horizon had been freezing with a “blue screen of death” prior to the explosion that sank the oil rig and resulted in the deaths of 11 workers.
When I read that article, I had a strong case of déjà vu. This is not the first time that a Blue Screen problem has impacted the SCADA systems controlling an offshore oil rig. I was on a team that responded to a similar incident back in 2004. The prior Blue Screen problem was caused by the SQL Slammer worm, and resulted in 8 hours of downtime and over 1.2 million dollars of financial loss. At least that incident did not involve any human losses.
So since the last time the Blue Screen of Death impacted SCADA systems was due to the SQL Slammer worm, what do you think was the cause of the Blue Screen problem with the Deepwater incident? Having performed over 120 security assessments of SCADA systems, I can say with firsthand knowledge that many of those systems are connected to the Internet, missing security patches, and prone to malware and botnet code.
It is time that SCADA and IT professionals start viewing SCADA security as not only a security problem, but also a SAFETY problem. Neglecting to harden the security of SCADA systems could also lead to legal implications, especially where security standards like ISA S99, and regulations like the NERC CIP and DHS CFATS, have been published and available for some time now. Hopefully our industry will learn from these issues, view this as a wake-up call, and start taking action to secure their SCADA and control systems.
– Jonathan