Study: Pentagon fuel supply at risk of hack

Placeholder Image for Article Template

The Pentagon should take a page from the Department of Homeland Security’s cyber defense playbook for energy infrastructure to guard against electronic assault on its fuel supply chain, according to a new study.

The Defense Department's use of unsecured networks to oversee the distribution of fuel and other logistical activities has left it vulnerable to the same kind of malware-based cyberattack that crippled 30,000 computers in oil giant Saudi Aramco's networks in 2012, according to "Hacks on Gas: Energy, Cybersecurity and U.S. Defense," a report written by Christopher Bronk, a fellow in IT policy at Rice University's Baker Institute. He produced the report for the U.S. Army War College's Strategic Studies Institute.

DOD's operations manager, the Defense Logistics Agency, should accelerate its protection of supervisory control and data acquisition (SCADA) systems in its fuel-distribution networks, Bronk wrote, just as DHS has done with private-sector energy infrastructure providers through the Industrial Control Systems Cyber Emergency Response Team.

"The DOD would be well served to carefully engage in efforts similar to those undertaken by the Department of Homeland Security to improve the cyber defenses of industrial control systems deployed in electricity," he wrote. The threat to oil and gas production and distribution is real, he added, but the odds of a widespread catastrophic attack remain slim.

Nevertheless, DOD should better protect its logistics networks, particularly DLA's Fuels Automated System, which handles a variety of applications that fall under the Enterprise Business System (EBS).

"DOD fuels management is paperless and utilizes Windows-based client/server applications and Web-based applications where data is entered and received via an Internet browser,” Bronk wrote. Rather than develop its own fuels management system, DLA opted for an enterprise software package that includes commercial technology.

The software allows the system to run on commodity computers that use Microsoft Windows. The operations might be cost-efficient, but the Windows/Intel platform is exploitable by attackers, Bronk wrote. Furthermore, DLA’s EBS Energy Convergence program could deepen that vulnerability as the agency deploys more network elements designed to function easily with the standards and practices of the oil and gas industry.

Sophisticated attackers are likely aware that DOD runs commercially available SAP products on its Non-classified IP Router Network that is connected to the public Internet, while physical disconnects, or "air gaps," protect other DOD networks, Bronk wrote.

However, he concluded that creating and maintaining a classified computing environment to manage fuel acquisition and distribution might be technically infeasible and would certainly be costly.

He recommended instead that DOD develop a better organizational approach to protecting its fuel-distribution system from electronic assault, including recognizing that the threat spans the entire fuel supply chain, not just DOD facilities; developing trusted third-party and clearinghouse relationships to help detect threats; and sharpening detection skills and risk management. Those all require that DOD have reliable intelligence on spikes in fuel demand, local conflicts in oil-producing regions and terrorist threats against fuel supplies, including the likelihood of such attacks.

About the Author

Mark Rockwell is a staff writer at FCW.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Tue, Feb 18, 2014 Globecore Blending Ukraine

Modern gasoline is very difficult by its hydrocarbonic structure and presence of additives which have various functional properties. Quality of common gasoline is defined by about twenty indicators which fix in the quality passport on each portion of gasoline. Such quality indicators as the induction period or water-soluble acids are most often known only between experts. But octane number of gasoline, well known practically every person. GlobeCore Company started manufacturing additive mixing systems for additive blending in hydrodynamic knot of mixing with additives injection by knots, depending on consumption of a basic component. Depending on requirements of the final product, exist from 2 to 7 additional knots for additives injection in the hydrodynamic mixer.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group