US Power Grids, Oil and Gas Industries, and Risk of Hacking

A report released in June, from the security firm Dragos, describes a worrisome development by a hacker group named, “Xenotime” and at least two dangerous oil and gas intrusions and ongoing reconnaissance on United States power grids.

Multiple ICS (Industrial Control Sectors) sectors now face the XENOTIME threat; this means individual verticals – such as oil and gas, manufacturing, or electric – cannot ignore threats to other ICS entities because they are not specifically targeted.

The Dragos researchers have termed this threat proliferation as the world’s most dangerous cyberthreat since an event in 2017 where Xenotime had caused a serious operational outage at a crucial site in the Middle East. 

The fact that concerns cybersecurity experts the most is that this hacking attack was a malware that chose to target the facility safety processes (SIS – safety instrumentation system).

For example, when temperatures in a reactor increase to an unsafe level, an SIS will automatically start a cooling process or immediately close a valve to prevent a safety accident. The SIS safety stems are both hardware and software that combine to protect facilities from life threatening accidents.

At this point, no one is sure who is behind Xenotime. Russia has been connected to one of the critical infrastructure attacks in the Ukraine.  That attack was viewed to be the first hacker related power grid outage.

This is a “Cause for Concern” post that was published by Dragos on June 14, 2019

“While none of the electric utility targeting events has resulted in a known, successful intrusion into victim organizations to date, the persistent attempts, and expansion in scope is cause for definite concern. XENOTIME has successfully compromised several oil and gas environments which demonstrates its ability to do so in other verticals. Specifically, XENOTIME remains one of only four threats (along with ELECTRUM, Sandworm, and the entities responsible for Stuxnet) to execute a deliberate disruptive or destructive attack.

XENOTIME is the only known entity to specifically target safety instrumented systems (SIS) for disruptive or destructive purposes. Electric utility environments are significantly different from oil and gas operations in several aspects, but electric operations still have safety and protection equipment that could be targeted with similar tradecraft. XENOTIME expressing consistent, direct interest in electric utility operations is a cause for deep concern given this adversary’s willingness to compromise process safety – and thus integrity – to fulfill its mission.

XENOTIME’s expansion to another industry vertical is emblematic of an increasingly hostile industrial threat landscape. Most observed XENOTIME activity focuses on initial information gathering and access operations necessary for follow-on ICS intrusion operations. As seen in long-running state-sponsored intrusions into US, UK, and other electric infrastructure, entities are increasingly interested in the fundamentals of ICS operations and displaying all the hallmarks associated with information and access acquisition necessary to conduct future attacks. While Dragos sees no evidence at this time indicating that XENOTIME (or any other activity group, such as ELECTRUM or ALLANITE) is capable of executing a prolonged disruptive or destructive event on electric utility operations, observed activity strongly signals adversary interest in meeting the prerequisites for doing so.”

Measuring Industrial Effluent Flow in the Presence of Solids, Fibers, and High Turbidity

Measuring Industrial Effluent Flow
LaserFlow Installation
A manufacturer of high-quality staple fiber and caustic soda treats approximately 3,500,000 gallons of waste water per day from three (3) production units. The effluent from each of these production units varies. In order to optimize the treatment, accurate flow information from each unit is important. Wastewater from two of the production units is clear and without any solid particles; therefore, it can be easily pumped and measured with a closed pipe flow meter.

To reduce energy costs resulting from pumping, the effluent from the third production unit is sent to the treatment plant via gravity feed. The channel is 4.3 feet wide and 5.9 feet high. Therefore, the waste stream must be metered using an open channel method.

LaserFlow Installation
(looking downward)
Popular flow metering technologies and methodologies presented various problems and challenges as detailed in the table below:

Possibility 1 - Weir with level measurement. Problem: Weirs frequently clog with solids con-tent and require periodic cleaning to get accurate readings. This requires costly plant shutdowns.

Possibility 2 - Flume with level measurement. Problem: Building a flume to the dimensions of the channel is very expensive. It also requires a costly plant shutdown.

Possibility 3 - Area-velocity flow sensor (contact/in situ).
Problem: Debris and solid particles may cover the sensor and hinder velocity measurement.

Possibility 4 - Transit-time.
Problem: Solid particles reflect the ultrasonic signal from the transmitter, blocking it from the receiver. It also requires a costly plant shutdown.


Teledyne ISCO LaserFlow
Teledyne ISCO LaserFlow
Teledyne Isco’s LaserFlow Non-Contact Area Velocity Flow Sensor offered an ideal solution to
the site’s metering challenges. The above-water installation of this laser Doppler flow meter is not threatened by the list of potential issues above. Additionally, because it is installed above the water, the installation of the Laser-Flow did not require a plant shutdown.

The LaserFlow remotely measures the level and velocity of the flow in the influent channel. By using an ultrasonic level measurement, the sensor calculates a subsurface point at which to focus an optical laser. The Doppler frequency shift of the returned light is proportionate to the water’s velocity. The LaserFlow is able to measure velocities at up to fifteen points below the water’s surface. This minimizes the effects of turbulence and eliminates the need for manual profiling. By producing exceptionally accurate mean velocity readings and level measurements, the LaserFlow renders some of the most accurate area velocity measurement results in the industry. Additionally, due to the non-contact nature of the LaserFlow sensor, personnel safety is improved and operating costs are greatly reduced.

System Integration and Reporting

The LaserFlow, in conjunction with the Signature Flow Meter, collects level, velocity, and flow parameters that are outputted via 4-20 mA signals and received by the customer’s distributed control system (DCS). These parameters are used in conjunction with others by the DCS to provide comprehensive process control throughout the facility.

The Signature is unique in its ability to verify data integrity as four of its logged data types cannot be altered and are designed to alert the user to any trends or anomalies. This makes the LaserFlow and the Signature excellent choices for creating regulatory compliance reports.

For more information on the Teledyne ISCO LaserFlow, or to discuss your effluent flow challenge, contact Advance Instruments by calling (888) 388-6446 or by visiting

White Paper: The Ins and Outs of I/P Transducers

Overall, I/P’s are relatively simple devices, but there are numerous factors to consider before selecting one. The information that follows should provide you with a complete understanding of the factors involved in making the correct product selection, installation, and maintenance. When chosen, installed, and maintained correctly, I/P’s should provide many years of reliable service.

Table of Contents

  • Principle of Operation
  • Electrical Considerations
  • Pneumatic Requirements
  • Accuracy
  • Calibration
  • Mounting Options
  • Media
  • Safety Ratings
  • Troubleshooting

For more information, contact Advance Instruments by calling (888) 388-6446 or by visiting their website at