Cyber-physical systems connect the computing world and the real, physical world. Examples include systems in aerospace, automotive, chemical processes, civil infrastructure, healthcare, and manufacturing. As we go forward, what happens in the cyber world, good or bad, can potentially have lasting consequences for people and things.
Take, for example, industrial control systems, which can be both responsive and susceptible to cyber activity. These systems remain vulnerable to both accidental and directed events. One of a handful of publicly known malware specimens designed to purposefully disrupt physical equipment was most recently reported in 2017. This ICS malware, called Triton (also known as Trisis or HatMan), was discovered on equipment in the Middle East. Previous publicly known cyber-physical attacks include Stuxnet, appearing around 2010, which disrupted uranium enrichment centrifuges in Iran, and Industroyer (also known as CrashOverride), which targeted Ukraine’s power systems in 2016.
FireEye first released reports on Triton in December 2017. ICS-CERT issued an alert in December 2017 as well as an updated malware analysis report in April 2018. Dragos and Midnight Blue also released analyses.
Triton is the first known malware designed to compromise industrial safety systems. It specifically targets Schneider Electric Triconex safety controllers, which are often used in oil and gas facilities and sometimes in nuclear facilities or manufacturing plants. If these controllers fail, the system will be operating without a safety net.
The facility in the Middle East failed safely and plant operations halted without harm to people or property. Schneider Electric advised they would be working closely with their customer, independent cybersecurity organizations, and ICS-CERT to understand and mitigate this risk on their safety systems.