Pumping Stations for Crude Oil and Refined Product. A coordinated attack on several key pumping stations for crude oil or refined products could lead to serious economic disruption. For example, a significant portion of the product used in the Northeast comes from the Gulf Coast by pipeline. Pumping stations are generally, but not always, unstaffed large facilities covering several acres. The pumps may be in the open or housed inside a sheet-metal building. Pumping stations are typically fenced, but they usually have no intrusion detection system. Unfortunately, because the main and backup power transformers for these sites are often colocated with the pumping station, all power supplies could easily be taken out at the same time.

Pumping stations tend to be remotely monitored and controlled through SCADA systems that communicate with a remote control center. The loss of a pump or other single component at a pumping station can usually be handled routinely with existing spares. However, the outage following a terrorist attack that destroys a large amount of equipment could last at least 4 months if replacement pumps and drivers are available, and perhaps 8 months to a year if they are not. In the meantime, supply at the end points of the pipeline would be greatly curtailed, although ships, barges, tank trucks, and trains might be employed to deliver essential products to those in greatest need.

Command, Control, and Communications. SCADA systems are vital to the operation of many facets of the oil business, including pipelines and refineries. SCADAs are particularly vulnerable to cyberattack because they were initially designed without consideration of security. At times, operators allow direct connections between a critical control network and the company’s local area networks or the Internet; intranets and the Internet are common vehicles for cyberattack, by insiders or outside hackers (Teumim, 2002). In addition, pipelines use radio-frequency and microwave systems to transmit data and to operate remotely. These wireless transmission systems are vulnerable to intrusion.

SCADA systems also are increasingly integrated into company business systems, making them even more accessible to cyberattack. The industry has not been exposed to the large-scale, sophisticated cyberattacks experienced by the financial sector and by government defense and intelligence agencies, but these may just be a matter of time. Some SCADA design companies and operators are introducing security elements into their SCADA systems to prevent intrusion, but wider application of existing security technology and development of more robust technology are needed.

In addition to cyberattack, physical attack on the pipeline or refinery control centers that house the SCADA systems would cause major disruptions, which could be very difficult to remedy quickly. The industry would also be vulnerable to disruptions caused by the loss of electricity and water supplies needed to run pipelines and refineries.

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement