However, what was not explained is how a critical overpressure event could have occurred without safety systems kicking into action. Two LNG pipeline experts I talked to, who both asked to remain anonymous due to potential retaliatory damage to their business interests, say that pipeline corrosion and other material failures can cause critical incidents. Still, the FBI’s investigative involvement, the specific nature of this explosion, and the scale of damage incurred do raise major questions. The experts suggested that piping from a storage tank to a terminal, as in this explosion, should have extensive safeguards to prevent overpressure events. One expert was highly confident that control of pipeline flows would be undertaken from a networked control facility.

That brings us to the Russian cyber unit involved in the targeting reconnaissance against Freeport LNG.

Named XENOTIME by researchers, the unit has utilized boutique TRITON/TRISIS malware developed by the Russian Ministry of Defense’s Central Scientific Research Institute of Chemistry and Mechanics. That malware is designed for the seizure of industrial control systems and the defeat of associated safety systems. In 2017, GCHQ (Britain’s NSA-equivalent signals intelligence service) outlined the need for network compartmentalization to protect safety systems against this malware better. In March 2022, the FBI warned that TRISIS malware remained a threat.