| Recurring |
multiple_organization |
(a) The software failure incident having happened again at one_organization:
The article does not mention any previous incidents of a similar ransomware attack happening at Hydro or with its products and services. Therefore, there is no information available to suggest that a similar incident has happened before within the same organization [82020].
(b) The software failure incident having happened again at multiple_organization:
The article mentions that the ransomware attack on Hydro was caused by a relatively new form of ransomware known as LockerGoga. This indicates that similar incidents may have occurred at other organizations or could potentially happen in the future with different targets [82020]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident in the article is related to the design phase as it mentions that the cyber-attack on Hydro's systems was caused by a relatively new form of ransomware known as LockerGoga. The attack was likely deployed to Hydro's systems manually by an attacker, indicating a design vulnerability that allowed the ransomware to infiltrate the systems [82020].
(b) The software failure incident in the article is also related to the operation phase as it describes how some of Hydro's factories had to halt production and workers had to resort to manual operations using printed order lists due to the cyber-attack. Additionally, employees were instructed not to log in to their computers, and digital systems at Hydro's main smelting plants had to be turned off, impacting the operation of the facilities [82020]. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident at Hydro, a major aluminium producer, was caused by a "severe" ransomware attack that affected the company's digital systems, leading to the shutdown of some factories and the switch to manual operations at smelting plants [82020]. The attack impacted the company's ability to access order data, forcing workers to use printed order lists instead of retrieving data from their computers. Additionally, the cyber-attack disrupted the functioning of computerized systems at the main smelting plants, which had to be turned off as a result [82020].
(b) outside_system: The ransomware attack on Hydro's systems was initiated externally, as it was caused by a cyber-attack involving a relatively new form of ransomware known as LockerGoga. The attack was not confirmed to be specifically caused by LockerGoga, but Norwegian security authorities were investigating this possibility. The attack was likely deployed manually by an attacker who gained administrator access to Hydro's systems, indicating an external origin of the contributing factors leading to the software failure incident [82020]. |
| Nature (Human/Non-human) |
non-human_actions |
(a) The software failure incident occurring due to non-human actions:
The software failure incident in this case was caused by a "severe" ransomware attack on one of the world's biggest aluminium producers, Hydro. The attack led to the company switching to manual operations at some smelting plants, halting production at some factories, and forcing workers to use mobile phones and tablets for communication as their computers were affected [82020].
(b) The software failure incident occurring due to human actions:
The article does not provide specific information indicating that the software failure incident was directly caused by human actions. It primarily focuses on the impact of the ransomware attack on Hydro's operations and the measures taken to address the situation. Therefore, the direct human involvement in causing the software failure incident is not explicitly mentioned in the article. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident reported in Article 82020 was not directly attributed to hardware issues. The incident was described as a "severe" ransomware attack affecting one of the world's biggest aluminium producers, Hydro. The attack led to the company switching to manual operations at some smelting plants, halting production at some factories, and causing disruptions in accessing computer systems. The focus of the incident was on cyber-attack and ransomware impact rather than hardware-related failures.
(b) The software failure incident in Article 82020 was primarily attributed to software-related factors. The incident was described as a ransomware attack, specifically mentioning a form of ransomware known as LockerGoga. The attack affected digital systems at Hydro's main smelting plants, leading to the shutdown of computerized systems and the need to revert to less computerized methods to continue production. The incident highlighted the reliance on computerized systems and the impact of the cyber-attack on software operations within the company. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident in this case is malicious. The incident was a "severe" ransomware attack on one of the world's biggest aluminium producers, Hydro, affecting their operations at smelting plants and forcing them to switch to manual operations [82020]. The ransomware attack was suspected to be caused by a relatively new form of ransomware known as LockerGoga, and it was not yet clear who was behind the attack [82020]. The attack led to the shutdown of some factories, disruption of production, and the need to revert to manual processes due to the inability to access computer systems [82020]. The incident required the company to work on containing and neutralizing the attack with the help of Norway's state cyber-security agency [82020].
(b) The software failure incident is non-malicious. The incident was caused by a ransomware attack, which is a type of malicious software designed to block access to a computer system until a sum of money is paid. The attack on Hydro's systems was not intentional on the part of the company but was initiated by external attackers [82020]. The company had to resort to manual operations and backup systems to continue production and mitigate the impact of the attack [82020]. |
| Intent (Poor/Accidental Decisions) |
unknown |
(a) The software failure incident in Article 82020 was related to a severe ransomware attack on one of the world's biggest aluminium producers, Hydro. The attack led to the company switching to manual operations at some smelting plants. The incident was not caused by poor decisions but rather by a deliberate cyber-attack using ransomware, potentially the LockerGoga ransomware. The attack was likely manually deployed by an attacker who gained administrator access to the systems, indicating a deliberate and malicious intent rather than poor decisions [82020]. |
| Capability (Incompetence/Accidental) |
unknown |
(a) The software failure incident in Article 82020 was not attributed to development incompetence. The ransomware attack on Hydro, one of the world's biggest aluminium producers, was caused by a cyber-attack using a relatively new form of ransomware known as LockerGoga. The attack was not linked to any incompetence in the development process but rather a deliberate malicious act by an external attacker [82020].
(b) The software failure incident in Article 82020 was accidental in the sense that the ransomware attack was not caused by any accidental factors within the development process. It was a deliberate cyber-attack on Hydro's systems, likely deployed manually by an attacker who gained administrator access to the systems. The attack was not accidental but intentional and malicious in nature [82020]. |
| Duration |
temporary |
The software failure incident reported in Article 82020 was temporary. The article mentions that Hydro, one of the world's biggest aluminium producers, switched to manual operations at some smelting plants following a "severe" ransomware attack. Some factories had to halt production, and workers were using printed order lists while being unable to retrieve order data from their computers. However, the firm stated that it was working to contain and "neutralize" the attack and had data backups ready to restore systems once the virus had been dealt with. This indicates that the software failure incident was temporary and efforts were being made to address and recover from the attack [82020]. |
| Behaviour |
omission, other |
(a) crash: The software failure incident in the article is not described as a crash where the system loses state and does not perform any of its intended functions [82020].
(b) omission: The incident involves the system omitting to perform its intended functions at some instances, such as workers at some factories using printed order lists while being unable to retrieve order data from their computers [82020].
(c) timing: The software failure incident does not involve the system performing its intended functions correctly but too late or too early [82020].
(d) value: The incident does not describe the system performing its intended functions incorrectly [82020].
(e) byzantine: The behavior of the software failure incident does not involve the system behaving erroneously with inconsistent responses and interactions [82020].
(f) other: The software failure incident in the article involves the system reverting back to less computerized methods to continue production when digital systems had to be turned off at some facilities due to the attack [82020]. |