A key section of the data communications network of the gas pipeline that would transmit an alarm when the pipeline was operating outside of acceptable conditions was never connected by the contractor hired by Gazprom to install the system according to documents obtained by GUR hackers, and confirmed to Inside Cyber Warfare by one of the cyber operators involved in causing the explosion and fire at the Urengoy gas field last week.
The schematics included in this article are not mean’t to show how the sabotage was done, merely that the data needed to plan and implement an attack was available to GUR hackers. The “how” part of this operation will not be disclosed publicly for obvious reasons.
The above schematic is part of the updated thirty page data communications plan for the Urengoy NGCC (Natural Gas Combined Cycle) plant. The X’s on both sides show that the security alarms were not working at the time of that update (2011), nor had they been connected in 2020 when Gazprom was looking for a new vendor to complete the work, nor last week when the explosion occurred.
The above table is one of seven pages of equipment for use in the NGCC. The foreign manufacturers include Cisco, Dell, HP, Citect (now a part of Schneider Electric), Acronis, and Microsoft. Citect makes SCADA control products and was acquired by Schneider Electric in 2008. Acronis makes backup, disaster recovery, cybersecurity, and endpoint management solutions.