Recurring |
one_organization, multiple_organization |
(a) The software failure incident having happened again at one_organization:
- The article mentions that the city of Atlanta experienced a serious cyberattack in March 2018 where attackers demanded a ransom in Bitcoin [88067].
- The city of Baltimore also faced a ransomware attack where the hackers demanded a ransom in Bitcoin to release the city's files [88067].
(b) The software failure incident having happened again at multiple_organization:
- The article highlights that more than 40 municipalities have been victims of cyberattacks this year, including major cities like Baltimore, Albany, and Laredo, as well as smaller towns like Lake City, Florida [88067].
- The article also mentions that 22 cities across Texas were simultaneously being held hostage for millions of dollars after a sophisticated hacker infiltrated their computer systems and encrypted their data [88067]. |
Phase (Design/Operation) |
design, operation |
(a) The software failure incident occurring due to the development phases:
- The article mentions that the ransomware attack on various cities in Texas, including Wilmer and Lake City, was a result of sophisticated hackers infiltrating their computer systems and encrypting their data. This attack was instigated by a once-trusted communications channel often used by law enforcement agencies, managed by a private systems-management firm, which allowed the hackers to target one system and then gain access to municipal networks across the state [88067].
- The attackers behind the cyberattack in Texas were described as a "single threat actor," possibly a group, indicating a coordinated effort to exploit vulnerabilities in the systems developed and maintained by the affected cities [88067].
(b) The software failure incident occurring due to the operation phases:
- The article highlights that the ransomware attacks on cities like Wilmer and Kaufman led to significant disruptions in their operations, forcing city employees to conduct business manually instead of through computers. For example, in Kaufman, city staff members had to resort to using their cellphones due to the disabled phone system [88067].
- The impact of the ransomware attacks on the affected cities' operations was severe, with systems remaining down, email systems inaccessible, and state troopers unable to use computer systems in their patrol cars, resorting to writing out tickets by hand [88067]. |
Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident described in the articles is primarily due to contributing factors that originate from within the system. The failure was caused by a ransomware attack where the hackers infiltrated the computer systems of various cities and encrypted their data, rendering it inaccessible without the decryption key [88067]. The attack targeted vulnerabilities within the municipal networks, exploiting once-trusted communications channels and vintage software used by small city governments that lacked strong cyberdefense measures. The attack led to the disruption of various services, including city halls, public libraries, police departments, and emergency communications systems [88067]. The ransomware incident directly impacted the integrity and functionality of the affected systems, highlighting the within-system nature of the failure.
(b) outside_system: While the ransomware attack itself was initiated by external actors (hackers), the contributing factors that enabled the attack to be successful were primarily within the system. The attackers exploited vulnerabilities within the municipal networks, such as outdated software, lack of strong cyberdefense measures, and reliance on once-trusted communication channels managed by private firms [88067]. The external threat actors targeted these internal weaknesses to infiltrate the systems and carry out the ransomware attack. The failure was not caused by external factors beyond the control of the system but rather by internal system vulnerabilities that were exploited by external attackers. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
The software failure incident in Wilmer, Texas, and other cities across Texas was caused by a sophisticated hacker or group of hackers who infiltrated the computer systems and encrypted the data, leading to a ransomware attack [88067]. The attack instigated a statewide disaster-style response involving the National Guard and a widening F.B.I. inquiry. The ransomware attack affected various municipalities, including small towns and major cities, disrupting services like water, power, emergency communications, and vote counting [88067].
(b) The software failure incident occurring due to human actions:
In response to the ransomware attack, some cities like Lake City, Florida, decided to pay the ransom demand in Bitcoin, as they believed reconstructing their systems would be more costly than paying the ransom [88067]. Additionally, the article mentions that some cities have shown an increased willingness to pay ransoms, which has encouraged criminals to develop new and more powerful forms of encryption and inject the code into computer networks [88067]. |
Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident occurring due to hardware:
- The article mentions that the entire computer network of Wilmer, Texas, was hacked, leading to the town being thrown into the digital Dark Ages [88067].
- The attack on the Department of Public Safety in Georgia resulted in the computer network remaining down, with every device, including laptops and tablets, being examined and reconfigured [88067].
- The attack on Allentown, Pennsylvania, was facilitated when an employee unwittingly clicked on a phishing email, leading to the spread of malware throughout the city government's computers [88067].
(b) The software failure incident occurring due to software:
- The ransomware attacks on various cities, including Wilmer, Lake City, Atlanta, and Baltimore, were primarily caused by sophisticated hackers infiltrating computer systems and encrypting data [88067].
- The malware attacks, such as Sodinokibi, targeted various cities in Texas, leading to the encryption of data and disruption of services [88067].
- The ransomware incidents highlighted in the article demonstrate how criminals have turned to new and more powerful forms of encryption and more ingenious ways of injecting the code into computer networks, leading to successful attacks [88067]. |
Objective (Malicious/Non-malicious) |
malicious |
(a) The objective of the software failure incident was malicious, as it was caused by a sophisticated hacker or group of hackers who infiltrated the computer systems of multiple cities in Texas and encrypted their data, demanding ransom payments in exchange for decryption keys. The attacks were identified as ransomware attacks, where the attackers intentionally locked up data and systems to extort money from the affected municipalities [88067].
(b) The software failure incidents were non-malicious in the sense that they were not caused by accidental errors or system faults, but rather by deliberate actions of threat actors seeking financial gain through ransom payments. The attacks were not random but targeted, with the hackers investing profits back into research and development to make their attacks more precise and effective. The affected cities, lacking strong cyberdefenses and using outdated software, were specifically chosen as vulnerable targets for these ransomware attacks [88067]. |
Intent (Poor/Accidental Decisions) |
poor_decisions, accidental_decisions |
(a) The intent of the software failure incident related to poor_decisions:
- The software failure incidents, particularly ransomware attacks on various cities and municipalities, can be attributed to poor decisions made by local governments in terms of cybersecurity measures and preparedness [88067].
- Cities and towns targeted by ransomware attacks were often described as having outdated systems, lack of budget for strong cyberdefense, and not updating their software, making them vulnerable to such attacks [88067].
- Some cities, like Lake City, Florida, ended up paying ransom demands because they believed that reconstructing their systems would be even more costly, indicating a lack of proper risk assessment and decision-making processes [88067].
- The article highlights that the ransomware business has become lucrative for hackers, leading them to invest profits back into research and development to make their attacks more precise and sophisticated, indicating a cycle perpetuated by poor decisions made by paying ransoms [88067].
(b) The intent of the software failure incident related to accidental_decisions:
- Accidental decisions or mistakes were also evident in the software failure incidents, such as employees unwittingly clicking on phishing emails that spread malware, as seen in the case of Allentown, Pennsylvania [88067].
- The accidental nature of decisions leading to software failures is highlighted in the example of an employee from Allentown who missed software updates while traveling and inadvertently introduced malware into the city government's systems [88067].
- Accidental decisions also played a role in the spread of malware in the case of the attack on Baltimore city computers, where an employee's actions led to the encryption of files and the demand for ransom [88067]. |
Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident occurring due to development incompetence:
- The article discusses how small city governments, such as Wilmer, Texas, have become favorite targets for ransomware attacks due to their lack of budget and sophistication for strong cyberdefense [88067].
- It mentions that sleepy, cash-strapped local governments are the least likely to have updated their cyberdefenses or backed up their data, making them vulnerable to cyberattacks [88067].
- The attack on the Department of Public Safety in Georgia was particularly hard-hitting, with the computer network remaining down and every device needing examination and reconfiguration [88067].
(b) The software failure incident occurring accidentally:
- The article does not provide specific instances of software failure incidents occurring accidentally. |
Duration |
temporary |
(a) The software failure incident described in the articles is temporary. The incident involved ransomware attacks on multiple cities in Texas, causing their computer networks to be hacked and data encrypted. The affected cities had to resort to manual processes, such as writing out tickets and conducting business manually, while their computer systems were down [88067].
The temporary nature of the software failure is evident from the efforts made to restore the affected systems. Teams of state and federal cybersecurity experts, including the National Guard, were involved in restoring the networks and recovering data in the affected cities. For example, in Wilmer, a team of National Guard specialists arrived to work on restoring the network and recovering data, aiming to have the city's systems fully operational in two to three weeks [88067]. |
Behaviour |
crash, omission, value, other |
(a) crash: The software failure incident described in the articles can be categorized as a crash. The incident involved the entire computer network of a small town being hacked, leading to the loss of functionality and the system being thrown into a state where basic services like water, power, emergency communications, and vote counting were disrupted [88067].
(b) omission: The software failure incident can also be categorized as an omission. The system omitted to perform its intended functions as police officers had to resort to writing tickets by hand, and the public library had to check out books manually due to the network being hacked and encrypted, leading to the omission of automated processes [88067].
(c) timing: The software failure incident does not align with a timing failure as the system was not described as performing its intended functions either too late or too early. The primary issue was the loss of functionality and the disruption caused by the ransomware attack [88067].
(d) value: The software failure incident can be associated with a value failure as the system was performing its intended functions incorrectly after being hacked and encrypted, leading to disruptions in services and loss of confidence in the integrity of the systems handling basic services [88067].
(e) byzantine: The software failure incident does not align with a byzantine failure as there were no mentions of inconsistent responses or interactions within the system. The primary issue was the encryption of data and the loss of functionality due to the ransomware attack [88067].
(f) other: The software failure incident can be further categorized as a denial-of-service (DoS) attack, where the system was rendered inoperable or significantly disrupted due to the ransomware attack, leading to a halt in normal operations and services [88067]. |