Control System Destroyed at Chlorine Plant

Gen Buck Turgidson, Director of the National Critical Infrastructure Security Operations Center (CI-SOC), confirmed this morning that the CI-SOC was working with NACL Industries to determine how the program for the plants chlorine production facility was completely wiped out this week. There are reports that North Korean malware was involved. On Monday, there were reports from sources at the company’s Blew Bayou, LA. chlorine production facility that a production stoppage over the weekend was due to a ransomware attack on the industrial control system at the plant. A spokesman for the company refused to answer questions about a ransomware attack, stating that: “We can neither confirm nor deny that a ransomware attack has been made against any company assets.” A representative from Dragonfire Cyber who was seen yesterday in Blew Bayou and who was not authorized to talk to the press, told me that the cyber investigation firm had found indications that an updated version of “SMASHINGCOCONUT” wiper program had been employed at the plant. That program was reportedly developed by a North Korean APT group in 2017. “The new version was specifically modified to wipe files on a Robotron control system down to the instrument level,” the source said. Ernest A. LeSueur, President of NACL Industries, told reporters that the chlorine production facilities had been shutdown since a cyber attack on the control systems occurred on Saturday. “We are cooperating with CI-SOC and criminal investigators to determine who is responsible for the attack,” he said; “But our real focus is the safe restart of our production facilities.” LeSueur confirmed that the Company had declared force majeure on their chlorine delivery contracts for the foreseeable future. NACL Industries was the target of a cyber attack almost two years ago. In that instance a terrorist group, Students for Immediate Neutralization of Chlorine Technology and Energy Reversion (SFINCTER), claimed responsibility for the attack. No arrests have been made in connection with the earlier attack. CAUTIONARY NOTE: This is a future news story –Future ICS Security NewsRead More