Study: Pentagon fuel supply at risk of hack

Placeholder Image for Article Template

The Pentagon should take a page from the Department of Homeland Security’s cyber defense playbook for energy infrastructure to guard against electronic assault on its fuel supply chain, according to a new study.

The Defense Department's use of unsecured networks to oversee the distribution of fuel and other logistical activities has left it vulnerable to the same kind of malware-based cyberattack that crippled 30,000 computers in oil giant Saudi Aramco's networks in 2012, according to "Hacks on Gas: Energy, Cybersecurity and U.S. Defense," a report written by Christopher Bronk, a fellow in IT policy at Rice University's Baker Institute. He produced the report for the U.S. Army War College's Strategic Studies Institute.

DOD's operations manager, the Defense Logistics Agency, should accelerate its protection of supervisory control and data acquisition (SCADA) systems in its fuel-distribution networks, Bronk wrote, just as DHS has done with private-sector energy infrastructure providers through the Industrial Control Systems Cyber Emergency Response Team.

"The DOD would be well served to carefully engage in efforts similar to those undertaken by the Department of Homeland Security to improve the cyber defenses of industrial control systems deployed in electricity," he wrote. The threat to oil and gas production and distribution is real, he added, but the odds of a widespread catastrophic attack remain slim.

Nevertheless, DOD should better protect its logistics networks, particularly DLA's Fuels Automated System, which handles a variety of applications that fall under the Enterprise Business System (EBS).

"DOD fuels management is paperless and utilizes Windows-based client/server applications and Web-based applications where data is entered and received via an Internet browser,” Bronk wrote. Rather than develop its own fuels management system, DLA opted for an enterprise software package that includes commercial technology.

The software allows the system to run on commodity computers that use Microsoft Windows. The operations might be cost-efficient, but the Windows/Intel platform is exploitable by attackers, Bronk wrote. Furthermore, DLA’s EBS Energy Convergence program could deepen that vulnerability as the agency deploys more network elements designed to function easily with the standards and practices of the oil and gas industry.

Sophisticated attackers are likely aware that DOD runs commercially available SAP products on its Non-classified IP Router Network that is connected to the public Internet, while physical disconnects, or "air gaps," protect other DOD networks, Bronk wrote.

However, he concluded that creating and maintaining a classified computing environment to manage fuel acquisition and distribution might be technically infeasible and would certainly be costly.

He recommended instead that DOD develop a better organizational approach to protecting its fuel-distribution system from electronic assault, including recognizing that the threat spans the entire fuel supply chain, not just DOD facilities; developing trusted third-party and clearinghouse relationships to help detect threats; and sharpening detection skills and risk management. Those all require that DOD have reliable intelligence on spikes in fuel demand, local conflicts in oil-producing regions and terrorist threats against fuel supplies, including the likelihood of such attacks.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.

Cyber. Covered.

Government Cyber Insider tracks the technologies, policies, threats and emerging solutions that shape the cybersecurity landscape.


Reader comments

Tue, Feb 18, 2014 Globecore Blending Ukraine

Modern gasoline is very difficult by its hydrocarbonic structure and presence of additives which have various functional properties. Quality of common gasoline is defined by about twenty indicators which fix in the quality passport on each portion of gasoline. Such quality indicators as the induction period or water-soluble acids are most often known only between experts. But octane number of gasoline, well known practically every person. GlobeCore Company started manufacturing additive mixing systems for additive blending in hydrodynamic knot of mixing with additives injection by knots, depending on consumption of a basic component. Depending on requirements of the final product, exist from 2 to 7 additional knots for additives injection in the hydrodynamic mixer.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group