Mysterious safety-tampering malware infects a second critical infrastructure site

 In Biz & IT, critical infrastructure, industrial control systems, malware, Policy, triton

Mysterious safety-tampering malware infects a second critical infrastructure site

Serving the Technologist for more than a decade. IT news, reviews, and analysis.
Critical infrastructure sites such as this oil refinery in Port Arthur, Texas, rely on safety systems.

Enlarge / Critical infrastructure sites such as this oil refinery in Port Arthur, Texas, rely on safety systems. (credit: IIP Photo Archive)

Sixteen months ago, researchers reported an unsettling escalation in hacks targeting power plants, gas refineries, and other types of critical infrastructure. Attackers who may have been working on behalf of a nation caused an operational outage at a critical-infrastructure site after deliberately targeting a system that prevented health- and life-threatening accidents.

There had been compromises of critical infrastructure sites before. What was unprecedented in this attack—and of considerable concern to some researchers and critical infrastructure operators—was the use of an advanced piece of malware that targeted the unidentified site’s safety processes. Such safety instrumented systems (SIS) are a combination of hardware and software that many critical infrastructure sites use to prevent unsafe conditions from arising. When gas fuel pressures or reactor temperatures rise to potentially unsafe thresholds, for instance, a SIS will automatically close valves or initiate cooling processes to prevent health- or life-threatening accidents.

By focusing on the site’s SIS, the malware carried the threat of physical destruction that depending on the site and the type of accident had the potential to be serious if not catastrophic. The malware was alternately named Triton and Trisis, because it targeted the Triconex product line made by Schneider Electric. It’s development was ultimately linked to a Russian government-backed research institute.

Read 7 remaining paragraphs | Comments

Use of game-changing Triton malware to target safety systems isn’t an isolated incident.

Recent Posts
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt