A worm in the works

Could disasters loom as more and more pipeline operators switch to Windows NT?

On June 10, 1999, the Olympic Pipe Line Company’s main fuel line ruptured in Bellingham, turning picturesque Whatcom Creek into a blazing torrent of gasoline and killing three people. On the same day Worm.Explore.zip, a particularly nasty software worm disseminated as an attachment through Microsoft API-compliant e-mail programs, ran rampant through various large corporate networks (including Microsoft’s), deleting a random assortment of Microsoft Word, Excel, PowerPoint, and other files.

No one noted the coincidence of the two events at the time. But could it be more than coincidence? Might a computer virus or worm like Worm.Explore.zip threaten pipeline control systems like Olympic’s?

The answer appears to be no in the case of the Olympic accident, but yes or maybe in the case of a growing number of other pipelines around the world.

The potential targets in question are the computerized SCADA (supervisory control and data acquisition) systems that monitor the complex balance of flow, pressure, temperature, and other conditions inside the lines. Olympic’s SCADA system crashed one hour before the Bellingham accident, and a back-up computer also crashed, allowing pressure to build in the pipe. One month later the US Office of Pipeline Safety issued a warning to pipeline operators nationwide, advising them to make sure their control systems wouldn’t suffer similar malfunctions. It reported that an internal “database error . . . hampered controller operations” on the Olympic line. Together with the SCADA processor’s “inadequate reserve capacity” and the chaotic situation, this “may have prevented the pipeline controllers” from reacting quickly enough.

Following this failure, says Olympic Pipe Line spokesman Pierce Edwards, “we completed an analysis of the SCADA system. As a result, the system parameters have been modified and the system upgraded, including a 750 percent increase in [data] processing capacity.” Officials at Olympic, the US Office of Pipeline Safety, and the National Transportation Safety Board otherwise decline to discuss details of the accident, pending release of an NTSB report that’s taking longer than expected. (The investigation has been complicated by Olympic employees’ refusing to provide information on grounds of self-incrimination.) NTSB spokesman Keith Holloway did confirm last fall that “the computer virus [sic] is one [potential factor] we’re looking into.”

But not one that’s likely to pan out. That’s because, according to Olympic IT manager Dan Swathman, the pipeline’s SCADA system does not run on Windows, which might have made it vulnerable to the e-mail-borne Worm.Explore.zip: “Our current SCADA system is on VMS, from Digital Equipment [now Compaq], running on an Alpha Chip. GMI makes the system. A couple computers are dedicated to it.” And, Swathman adds, these computers are not connected to the Windows-based e-mail and office systems through which the worm could have gotten in.

That’s reassuring—but the broader picture may not be. Across this country, and as far away as China, pipeline systems are switching from VMS and Unix systems to versatile, ubiquitous, user-friendly Windows NT. “The scada market has been moving towards Windows NT as the dominant operating system,” Oil & Gas Journal reported (3/24/97). “The use of NT for the console platform has many advantages, including the ability to display scada screens on the same console as many common business applications which have been developed for the Windows environment. . . . The archival of data in a relational form allows access by other applications outside the scada system. In this way, scada vendors are meeting the requirements of pipeline companies to use scada data in business applications outside the traditional gas-control environment.” In other words, Windows NT lets operators integrate their SCADA and business applications, such as . . . the e-mail through which viruses and worms typically spread.

Representatives of the famously underfunded and ineffective Office of Pipeline Safety say they don’t see a problem here, nor do they meddle in companies’ choices of operating systems. “We want them to use the best operating system for their pipeline,” says one. And Microsoft representatives had no comment on the use of Windows NT in control systems and possible security concerns or precautions.

But Matt Saunders, a local expert on Windows NT vulnerability, was less sanguine when informed of such use. “One would hope that their command and control policies dictate that control machines should be isolated from other hosts,” he notes. “But this is rarely the case for most organizations, because it’s simply easier to get work done and ignore the risks.

“It terrifies me that a control system of this nature is being run on NT. It’s simply insane.”
