Stop Attacks and Disasters Across IT, OT and Physical Assets with Security Software

This entry was posted by on .

Attacks and Disasters Happen Across all Verticals, and They Often Cross IT, OT, and Physical Infrastructure. So How Does it Make Sense to Have a Security Strategy that Only Protects IT?

Below are a few examples of attacks and disasters that happened across IT, Operational Technology (OT), and Physical Assets across many different verticals. Most of these are recent, but one of them was 30-years ago and most people still remember it.


Electrical Substation

The attack began just before 1 am on April 16 last year, when someone slipped into an underground vault not far from a busy freeway and cut telephone cables not far from San Jose, CA. Within 1/2 hour, snipers opened fire on an outlying electrical substation. Shooting for 19 minutes, they surgically knocked out 17 giant transformers that funnel power to a nearby metropolis. A minute before police arrived, the shooters disappeared into the night. Power disruption was avoided by rerouting power from other stations, but the station remained closed for 27 days for repairs. Other Utilities Substations that have experienced trouble are: Melbourne, Australia, Scarborough, Ontario and Warren, Minnesota to name a few.

Natural Gas

In a Natural Gas Facility in Algiers, Algeria, Islamic Militants took hostages from many countries including the United States, England, Japan, Ireland, France, Austria, and Algeria as retaliation for this country letting French attack jets into Mali airspace to fight Islamic rebels; After the four-day siege, 81 people lost their lives including guards, workers held hostage, and terrorists at the fire-and-bomb ravaged gas site. Similar recent terrorist incidents happened in that part of the world in Cherchell (West of Algiers), Mauritanian in Mali, and Southwest of Tiziouzou.



On February 6th, 2014, Target, a giant retailer, had a major breach of its computer systems which resulted in credit card number theft belonging to 3 million customers of the retailer. Federal officials are investigating whether an unsuspecting heating and air conditioning company was the door the hacker’s used in the breach of this giant retailer’s computer network to steal credit card numbers. It is believed that computers were accessed via an HVAC system to control heating and cooling to optimize and achieve savings in energy costs chain-wide. Similar attacks to commit fraud and stolen customer information happened with these retailers: Harvest Foods, Michael’s, Stein’s Market.

Oil and Gas

On August 6, 2012, there was a process fire in the crude unit at a Richmond, CA refinery. That fire endangered 19 workers and sent more than 15,000 residents to the hospital for medical attention. A pipe failed and was not detected by multiple detection erosion systems. An inspection, 10-years-earlier, in 2002 noted a 1/3 loss of wall, but was only added in the notes section, not in the main system where it could have been useful. Subsequent inspections did not test all parts so failed to detect the faulty pipe. New safety regulations require that every component be inspected on a yearly basis. Similar incidents happened at facilities in: El Dorado, Arkansas, Baton Rouge, Louisiana, and Ontario, Canada.


Another OIl and Gas Incident

There have been many more incidents affecting oil and gas and most of them involved physical and IT including: OPpetrol. In this attack at an oil Refinery, Hacktivist Group “Anonymous” pre-announced a June 20, 2013 Cyber Attack against Oil & Gas Infrastructure. The plan was to blow up a refining plant. A guard lost his life when he radioed to alert co-workers an attack was in progress. The staff initiated the shutdown series, but several structures were blown up and hostages were taken.

Insider Threat to Oil and Gas

In August 2012, Saudi Aramco was hit by a computer virus that wiped data from 30,000 computers. Although the attack did not have an impact on the oil production, it disrupted Saudi Aramco’s internal communications. The virus, termed ‘Shamoon’, was inserted to the company’s network via a USB stick. The US government has blamed Iran for the attack, and the Secretary of Defense Leon Panetta stated that it was “probably the most destructive attack that the private sector has seen to date”. This was a good example of an insider threat which could be prevented with AlertEnterprise Software.



An unmanned train, near Lac Megantic, Canada, carrying crude oil became a 74-car-train-derailment that killed 44 townspeople and 5 others are missing and presumed dead. More than 30 buildings in the town’s center, roughly half of the downtown area was destroyed. Initial newspaper reports described a 1 km blast radius. It should be noted that the track was not equipped with signals to alert the traffic controller to the presence of a runaway train. Other train disasters happened near Cambridge, United Kingdom, Houston, Texas, and Helsinki, Finland. And if you “Google it”, you will find many more in the transportation industry including airplanes obviously.

Military and Government

In this Navy Yard shooting, a contractor on a military base had previously received 8 reprimands for misconduct and 3 citations for breaking civilian laws. He had a recent history of mental health issues and was given psychotropic drugs for insomnia twice close to the time of the incident. He entered this defense facility carrying a shot gun and hand gun and was not required to go through a metal detector. He opened fire killing 13 people and injuring 3 more. Similar incidents happened in: Fort Hood Shootings, Texas, at a Shipyard in Norfolk, Virginia, and at Army Human Resources in Fort Knox, Kentucky. And unfortunately, if you Google it, you will find many more.

High Tech Manufacturing

This outage by digital game manufacturer Sony, was caused by an “external intrusion” in which the technology giant’s network and services for Sony Play Station were interrupted because the personal information of 77 million users accounts were stolen, preventing users from playing online using the service. The attack occurred between April 17th and 19th 2011, and the manufacturer finally turned off the service on April 20th. On May 4th the company confirmed that personal identity information from each of the users had been stolen. The outage lasted 24 days.

Another High Tech Incident

At a High Tech Company in Silicon Valley, a Founder of a company was let go from his position and he came back and shot the CEO and VP of Human Resources and several other employees because, tragically, his access to the building was not immediately revoked at the time of termination. Other High Tech companies have had different kinds Incidents, but they still include IT, OT and Physical Assets. A few of them took place in: Ottowa, Canada, other companies in Silicon Valley, Austin,Texas, and Kanata, Canada.


We still remember the Tylenol tragedy, even though it was almost 30-years ago. A terrorist tampered with bottles of medicine on the shelf, replacing medicine with cyanide resulting in the death of 7 people and the recall of 31 million bottles of medicine and a more than $100 million loss to the company. This incident resulted in the tamper-resistant packaging that is mandated by the FDA today. Other drug tampering incidents include: Excedrin and Encaprin.

Of course hindsight is 20/20 and I am not trying to criticize anyone for these awful tragedies, but  we have learned from them and now there is software from AlertEnterprise that can prevent them from happening in the future.

How Does AlertEnterprise Stop, Detect, Mitigate and Eradicate These Types of Threats and Disasters?

Enterprise Guardian-as part of the on-boarding process, we provide visibility to background checks, PRA, certifications, LMS, GRC, etc. to assure that regulatory and corporate policies have been met. At the time of termination, employees are automatically removed from physical and logical access. EG can enforce mandatory 90-day cooling off periods from critical areas after changes in employment status.

Enterprise Sentry-detects anomalies in usage across IT, OT, and Physical Assets, correlates events, alerts you to a threat, and lets you get a better look via cameras through intelligent PSIM. It can be preconfigured to take action to eradicate threats, in example, shutting down a valve via SCADA/ICS and alert your Head of Security, authorities and first responders like police and firefighters.

Compliance Validator-enforces compliance to safety and security regulations, makes audits a breeze with automatic reports, and helps prevent disasters due to human error and equipment failure.

For More Information If you want to know more about how AlertEnterprise can save your company money while preventing disasters, email us at or call Dontae at 510-824-6612 or our main number at 510-440-0804.