The San Francisco papers continue to seek answers, along with safety regulators, about the San Bruno pipeline explosion. They say today PG&E employees are being held back from investigators because “they were too traumatized to be questioned”

This explosion should soon figure into every security for critical infrastructure review. Here is a good example why:

The safety board, which is leading the probe, said the pressure spike was caused by a power outage at an unmanned terminal in Milpitas, the end point of the 46-mile pipeline that runs through San Bruno.

An attack vector is now publicly open to discussion. Shutdown power in just one terminal, or increase flow by only ten pounds per square inch, and you can blow a high-risk natural gas pipeline. The threat profiles will now change in response, whether or not this was a one-time incident caused by a weakened line and the fact that it took PG&E 34 minutes after the explosion until crews were dispatched to manually close valves.

Now SIEM companies can talk all they want about detecting sophisticated malware that takes 8 months and 4 crack programmers from a powerful nation-state to create, with no known impact (e.g. Stuxnet), and I will have to say “let’s talk about San Bruno”. How and why did real-time dashboards fail on September 10, 2010?