Incident: Cyberattack on European Medicines Agency's Vaccine Data.

Published Date: 2020-12-11

Postmortem Analysis
Timeline
1. The software failure incident, which was a hack on the European Medicines Agency leading to the unlawful access of documents relating to the Pfizer and BioNTech Covid-19 vaccine candidate, happened around December 2020 [108756].

System
1. European Medicines Agency's server
2. Pfizer and BioNTech's Covid-19 vaccine candidate, BNT162b2 regulatory submission documents stored on EMA server

Responsible Organization
1. Hackers targeted the European Medicines Agency, leading to the software failure incident [108756].

Impacted Organization
1. European Medicines Agency (EMA) [108756]
2. Pharmaceutical company Pfizer and biotech company BioNTech [108756]

Software Causes
1. The software cause of the failure incident was a cyberattack on the European Medicines Agency, leading to the unlawful access of documents relating to the regulatory submission for Pfizer and BioNTech's Covid-19 vaccine candidate [108756].

Non-software Causes
1. The breach on the European Medicines Agency was caused by a cyberattack, indicating a security vulnerability in the agency's systems [108756].
2. Hackers targeted pharmaceutical companies and academic institutions working on potential vaccines, such as Pfizer and BioNTech, indicating a broader trend of cyber threats in the healthcare and pharmaceutical industry [108756].
3. Various hacking groups from different countries, including Russia, North Korea, China, and others, were involved in targeting companies involved in Covid-19 research, highlighting the global nature of cyber threats in the context of the pandemic [108756].

Impacts
1. The software failure incident, which involved a hack on the European Medicines Agency, led to the unlawful access of documents relating to the regulatory submission for Pfizer and BioNTech's Covid-19 vaccine candidate [108756].
2. The incident raised concerns about the security and integrity of vaccine-related data, potentially compromising the confidentiality and trust in the regulatory process [108756].
3. The hack highlighted the vulnerability of organizations involved in Covid-19 research and vaccine development to cyberattacks from various threat actors, including state-sponsored groups and cybercriminals [108756].

Preventions
1. Implementing robust cybersecurity measures such as multi-factor authentication, encryption, and regular security audits could have prevented the hack on the European Medicines Agency [108756].
2. Increasing awareness and training on cybersecurity best practices among employees to prevent phishing attacks and social engineering attempts that could lead to breaches [108756].
3. Enhancing network monitoring and intrusion detection systems to quickly identify and respond to any unauthorized access attempts or suspicious activities on the network [108756].

Fixes
1. Enhancing cybersecurity measures to prevent future cyberattacks on regulatory bodies like the European Medicines Agency [108756].
2. Implementing stricter access controls and encryption protocols to safeguard sensitive vaccine information stored on servers [108756].
3. Conducting thorough investigations to identify the perpetrators behind the cyberattack and holding them accountable [108756].
4. Collaborating with law enforcement agencies to enhance cybersecurity protocols and response mechanisms against potential future attacks [108756].

References
1. European Medicines Agency (EMA) [108756]
2. Pfizer and BioNTech [108756]
3. UK’s National Cyber Security Center
4. Federal prosecutors
5. Microsoft
6. IBM
7. The Wall Street Journal
8. Reuters

Software Taxonomy of Faults

Category: Recurring
Option: multiple_organization
Rationale:
(a) The software failure incident related to the hack on the European Medicines Agency (EMA) involving the Pfizer and BioNTech Covid-19 vaccine submission is a unique incident for these specific organizations. There is no mention in the articles of a similar incident happening before within these organizations.
(b) The articles mention previous incidents of hackers targeting research data related to the coronavirus and vaccines under development at various organizations. For example, in July, the UK's National Cyber Security Center reported on a hacking group targeting pharmaceutical companies and academic institutions [108756]. Additionally, federal prosecutors indicted two Chinese nationals for attempting to break into networks at biotech firms working on Covid-19 vaccines [108756]. Furthermore, Microsoft reported that hackers from Russia and North Korea targeted prominent companies involved in Covid-19 research in multiple countries [108756]. These incidents indicate that similar software failure incidents have occurred at multiple organizations involved in Covid-19 research.

Category: Phase (Design/Operation)
Option: design
Rationale:
(a) The software failure incident related to the design phase can be seen in the hack on the European Medicines Agency (EMA) where documents relating to the regulatory submission for Pfizer and BioNTech’s Covid-19 vaccine candidate were unlawfully accessed. This breach occurred due to a cyberattack on the EMA's system, indicating a failure introduced by system development or updates [108756].
(b) The software failure incident related to the operation phase is not explicitly mentioned in the provided article.

Category: Boundary (Internal/External)
Option: within_system
Rationale:
(a) within_system: The software failure incident reported in the articles is primarily due to contributing factors that originate from within the system. The breach and unauthorized access to vaccine-related documents stored on the European Medicines Agency (EMA) server were a result of a cyberattack [108756]. The incident involved the EMA's own system being compromised, leading to the unlawful access of sensitive information related to the Pfizer and BioNTech Covid-19 vaccine candidate. Additionally, the EMA spokesperson mentioned that despite the cyberattack, the agency remains fully functional, indicating that the core system itself was affected by the breach.

Category: Nature (Human/Non-human)
Option: human_actions
Rationale:
(a) The software failure incident in this case was not due to non-human actions but rather a cyberattack by hackers targeting the European Medicines Agency (EMA) to unlawfully access documents related to the regulatory submission for the Pfizer and BioNTech Covid-19 vaccine candidate [108756].
(b) The software failure incident was a result of human actions, specifically a cyberattack orchestrated by hackers targeting the EMA to access documents related to the regulatory submission for the Pfizer and BioNTech Covid-19 vaccine candidate [108756].

Category: Dimension (Hardware/Software)
Option: software
Rationale:
(a) The software failure incident reported in the articles is not related to hardware issues but rather to a cyberattack on the European Medicines Agency (EMA) leading to the unlawful access of documents related to the regulatory submission for Pfizer and BioNTech's Covid-19 vaccine candidate [108756].
(b) The software failure incident is attributed to a cyberattack on the EMA's systems, indicating a failure originating in software security vulnerabilities rather than hardware issues [108756].

Category: Objective (Malicious/Non-malicious)
Option: malicious
Rationale:
(a) The software failure incident in this case is malicious. The European Medicines Agency (EMA) was subject to a cyberattack where documents relating to the regulatory submission for Pfizer and BioNTech's Covid-19 vaccine candidate were unlawfully accessed by hackers [108756]. Additionally, there have been reports of various hacking groups targeting pharmaceutical companies and academic institutions working on potential vaccines for Covid-19, indicating a malicious intent to disrupt or gain unauthorized access to sensitive information [108756].

Category: Intent (Poor/Accidental Decisions)
Option: unknown
Rationale:
(a) The intent of the software failure incident related to poor_decisions: - The software failure incident, in this case, was not due to poor decisions but rather a deliberate cyberattack on the European Medicines Agency (EMA) to unlawfully access documents related to the regulatory submission for Pfizer and BioNTech's Covid-19 vaccine candidate [108756].
(b) The intent of the software failure incident related to accidental_decisions: - The software failure incident was not accidental but rather a result of a cyberattack on the EMA to unlawfully access vaccine-related documents [108756].

Category: Capability (Incompetence/Accidental)
Option: accidental
Rationale:
(a) The software failure incident related to development incompetence is not explicitly mentioned in the provided article. Therefore, it is unknown whether the incident was caused by factors introduced due to lack of professional competence by humans or the development organization.
(b) The software failure incident related to accidental factors is evident in the article. The breach on the European Medicines Agency's server, leading to the unlawful access of documents relating to the regulatory submission for Pfizer and BioNTech's Covid-19 vaccine candidate, was accidental in nature. The breach was described as a cyberattack, and it was not specified whether the attackers sought vaccine information, tried to infect the network with ransomware, or had another purpose in mind [108756].

Category: Duration
Option: unknown
Rationale:
The articles do not provide specific information about the duration of the software failure incident related to the hack on the European Medicines Agency (EMA) and the unauthorized access to documents related to the Pfizer and BioNTech Covid-19 vaccine candidate. Therefore, the duration of the software failure incident being permanent or temporary is unknown.

Category: Behaviour
Option: crash, other
Rationale:
(a) crash: The software failure incident in the article is related to a cyberattack on the European Medicines Agency (EMA) resulting in the unlawful access of documents related to the regulatory submission for Pfizer and BioNTech's Covid-19 vaccine candidate. This incident can be categorized as a crash as the system lost its state due to the cyberattack, impacting its intended functions [108756].
(b) omission: The incident does not specifically mention any omission of the system's intended functions. However, the unauthorized access to documents could potentially lead to the omission of critical information or data integrity issues [108756].
(c) timing: The timing of the software failure incident is not directly related to the system performing its intended functions too late or too early. The focus of the incident is on the cyberattack and unlawful access to vaccine-related documents [108756].
(d) value: The software failure incident does not involve the system performing its intended functions incorrectly. Instead, the issue lies in the unauthorized access to sensitive documents stored on the EMA server [108756].
(e) byzantine: The software failure incident does not exhibit characteristics of a byzantine failure where the system behaves erroneously with inconsistent responses and interactions. The incident primarily involves a cyberattack and unauthorized access to vaccine-related documents [108756].
(f) other: The behavior of the software failure incident can be categorized as a security breach resulting from a cyberattack. The attackers unlawfully accessed documents related to the regulatory submission for Pfizer and BioNTech's Covid-19 vaccine candidate stored on the EMA server, indicating a breach in the system's security protocols [108756].

IoT System Layer

Layer: Perception
Option: None
Rationale: None

Layer: Communication
Option: None
Rationale: None

Layer: Application
Option: None
Rationale: None

Other Details

Category: Consequence
Option: property, non-human
Rationale:
(a) unknown
(b) unknown
(c) unknown
(d) [108756] The software failure incident, which involved a hack on the European Medicines Agency, resulted in the unlawful access of documents relating to the regulatory submission for Pfizer and BioNTech's Covid-19 vaccine candidate. This breach impacted the security and confidentiality of sensitive vaccine information stored on the EMA server.
(e) unknown
(f) unknown
(g) unknown
(h) unknown
(i) unknown

Category: Domain
Option: health
Rationale:
(a) The failed system in this incident was related to the health industry as it involved the breach of documents relating to the regulatory submission for Pfizer and BioNTech’s Covid-19 vaccine candidate [108756].
(j) The incident also highlighted the targeting of pharmaceutical companies and academic institutions working on potential vaccines for Covid-19, indicating a focus on the health industry [108756].
