Incident: Cyber Attack on Norwegian Parliament's Computer Systems via Microsoft Exchange.

Published Date: 2021-03-10

Postmortem Analysis
Timeline 1. The software failure incident of hackers infiltrating the Norwegian Parliament's computer systems and extracting data happened just six months after a previous cyber attack was made public [112327]. 2. The article was published on 2021-03-10. 3. Estimation: - The previous cyber attack was made public in September, as mentioned in the article. - The article was published on 2021-03-10. Therefore, the software failure incident of hackers infiltrating the Norwegian Parliament's computer systems and extracting data likely occurred in March 2021.
System 1. Microsoft's Exchange software [112327]
Responsible Organization 1. Unknown hackers infiltrated the Norwegian Parliament's computer systems, exploiting a vulnerability in Microsoft's Exchange software, leading to the software failure incident [Article 112327].
Impacted Organization 1. The Norwegian Parliament [112327]
Software Causes 1. The software causes of the failure incident were linked to a "vulnerability" in Microsoft's Exchange software, as reported by the Norwegian Parliament [112327].
Non-software Causes 1. The attack on the Norwegian Parliament's computer systems was linked to a "vulnerability" in Microsoft's Exchange software, indicating a potential security flaw in the software itself [112327].
Impacts 1. Data extraction from the Norwegian Parliament's computer systems occurred due to the hack, impacting the security and confidentiality of sensitive information [Article 112327]. 2. The incident was described as an attack on democracy, highlighting the severity of the breach [Article 112327]. 3. The software vulnerability in Microsoft's Exchange software was exploited by the hackers, indicating a potential flaw in the software that led to the breach [Article 112327].
Preventions 1. Regular software updates and patch management to address vulnerabilities in Microsoft's Exchange software could have prevented the software failure incident [112327]. 2. Implementation of robust cybersecurity measures such as intrusion detection systems, firewalls, and access controls could have helped in detecting and preventing the hackers from infiltrating the system [112327]. 3. Conducting regular security audits and penetration testing to identify and address potential weaknesses in the system's defenses could have enhanced the overall security posture and potentially prevented the attack [112327].
Fixes 1. Patching the vulnerability in Microsoft's Exchange software that was exploited by the hackers [112327].
References 1. Norwegian Parliament officials 2. Parliament President Tone Wilhelmsen Troen 3. Norwegian foreign minister Ine Eriksen Soereide 4. Microsoft (MSFT.O) 5. Hackers (unknown) 6. Investigation team 7. Reuters (Gwladys Fouche, Terje Solsvik) [112327]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization (a) The software failure incident having happened again at one_organization: The article [112327] reports that the Norwegian Parliament experienced another cyber attack just six months after a previous attack. The previous attack, which was made public in September, was also mentioned in the article. This indicates that the software failure incident happened again within the same organization, the Norwegian Parliament. (b) The software failure incident having happened again at multiple_organization: There is no information in the provided article to suggest that the software failure incident happened again at multiple organizations.
Phase (Design/Operation) design, operation (a) The software failure incident in the Norwegian Parliament's computer systems was linked to a "vulnerability" in Microsoft's Exchange software, indicating a failure due to contributing factors introduced during the design phase of the system [112327]. (b) The operation phase was also a contributing factor in the software failure incident as hackers were able to infiltrate the system and extract data, highlighting a failure due to factors introduced by the operation or misuse of the system [112327].
Boundary (Internal/External) within_system, outside_system (a) within_system: The software failure incident in the Norwegian Parliament's computer systems was linked to a "vulnerability" in Microsoft's Exchange software, indicating that the contributing factor originated from within the system [112327]. (b) outside_system: The attack by unknown hackers was mentioned to be an "international problem," suggesting that the hackers infiltrating the system were external to the system, indicating an outside system contributing factor [112327].
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident in the Norwegian Parliament's computer systems was attributed to hackers infiltrating the systems through a "vulnerability" in Microsoft's Exchange software. This vulnerability in the software allowed the hackers to extract data, indicating a failure due to contributing factors introduced without human participation [112327]. (b) The previous cyber attack on the Norwegian Parliament, which occurred six months before this incident, was attributed to Russia. However, there was no evidence at the time that the two attacks were linked, suggesting that the failure in the previous attack was due to contributing factors introduced by human actions [112327].
Dimension (Hardware/Software) software (a) The software failure incident reported in Article 112327 was linked to a "vulnerability" in Microsoft's Exchange software. This vulnerability in the software allowed hackers to infiltrate the Norwegian Parliament's computer systems and extract data. The incident was specifically attributed to a flaw in the software, rather than any hardware-related issues [112327].
Objective (Malicious/Non-malicious) malicious (a) The software failure incident in this case is malicious. Hackers infiltrated the Norwegian Parliament's computer systems and extracted data, with the attack linked to a vulnerability in Microsoft's Exchange software. The parliament described it as an "attack on our democracy" and highlighted the severity of the incident, especially given the timing close to a parliamentary election and during the handling of a pandemic. The previous attack, also mentioned in the article, was attributed to Russia [112327].
Intent (Poor/Accidental Decisions) poor_decisions (a) The intent of the software failure incident related to poor_decisions: - The software failure incident in the Norwegian Parliament's computer systems was linked to a "vulnerability" in Microsoft's Exchange software, indicating a failure due to contributing factors introduced by poor decisions [112327]. (b) The intent of the software failure incident related to accidental_decisions: - There is no specific mention in the article about the software failure incident being related to accidental decisions.
Capability (Incompetence/Accidental) development_incompetence (a) The software failure incident in the Norwegian Parliament's computer systems was linked to a "vulnerability" in Microsoft's Exchange software, indicating a potential failure due to development incompetence, as vulnerabilities are often introduced during the development process [112327]. (b) The incident was described as an "attack" by hackers, suggesting a deliberate and malicious action rather than an accidental failure [112327].
Duration temporary The software failure incident reported in Article 112327 was temporary. The incident involved hackers infiltrating the Norwegian Parliament's computer systems due to a "vulnerability" in Microsoft's Exchange software. This incident was described as an "international problem" and was more severe than a previous cyber attack. The parliament president highlighted the severity of the attack, especially given the timing close to a parliamentary election and during the handling of a pandemic. An investigation was ongoing to determine the extent of the data extraction. Additionally, it was mentioned that the previous attack, attributed to Russia, was separate from the recent incident, indicating that the two attacks were not linked [112327].
Behaviour value, other (a) crash: The software failure incident in Article 112327 does not explicitly mention a crash where the system loses state and does not perform any of its intended functions. (b) omission: The incident does not describe the failure as an omission where the system omits to perform its intended functions at an instance(s). (c) timing: The incident does not indicate a timing failure where the system performs its intended functions correctly but too late or too early. (d) value: The failure in the article is related to the system performing its intended functions incorrectly. The hackers infiltrated the Norwegian Parliament's computer systems and extracted data due to a vulnerability in Microsoft's Exchange software, leading to the system behaving erroneously and compromising data security [112327]. (e) byzantine: The incident does not suggest a byzantine failure where the system behaves erroneously with inconsistent responses and interactions. (f) other: The behavior of the software failure incident in Article 112327 can be categorized as a security breach caused by a vulnerability in the software, leading to unauthorized access and data extraction by hackers.

IoT System Layer

Layer Option Rationale
Perception network_communication, embedded_software The software failure incident reported in Article 112327 is related to a cyber attack on the Norwegian Parliament's computer systems. The attack was linked to a "vulnerability" in Microsoft's Exchange software, indicating a potential flaw in the embedded software [112327]. The hackers infiltrated the system and extracted data, suggesting a breach in the network communication [112327]. The incident does not specifically mention sensor, actuator, or processing unit errors as contributing factors to the failure.
Communication connectivity_level The software failure incident reported in Article 112327 was related to a cyber attack on the Norwegian Parliament's computer systems. The attack was linked to a "vulnerability" in Microsoft's Exchange software, indicating a potential issue at the connectivity_level, which refers to contributing factors introduced by the network or transport layer. This suggests that the failure was not directly related to the link_level, which involves factors introduced by the physical layer (wired or wireless).
Application TRUE The software failure incident reported in Article 112327 was related to a cyber attack on the Norwegian Parliament's computer systems. The attack was linked to a "vulnerability" in Microsoft's Exchange software, indicating that the failure was indeed related to the application layer of the cyber physical system. This vulnerability in the software allowed hackers to infiltrate the system and extract data, leading to a significant security breach [112327].

Other Details

Category Option Rationale
Consequence property (d) property: People's material goods, money, or data was impacted due to the software failure The software failure incident involving the hack on the Norwegian Parliament's computer systems resulted in data being extracted by hackers. This breach of security led to a potential impact on people's data and information stored within the parliament's systems [112327].
Domain government (a) The failed system in this incident was related to the government industry as it targeted the Norwegian Parliament's computer systems [112327]. The attack was described as an "attack on our democracy" by the parliament President, highlighting the significance of the incident in the context of the upcoming parliamentary election and the handling of the pandemic [112327]. (l) The incident specifically targeted the Norwegian Parliament, which falls under the government industry, emphasizing the impact on politics, defense, justice, taxes, and public services [112327]. The attack was considered severe, and the parliament President emphasized the importance of safeguarding democracy in the face of such cyber threats [112327].

Sources

Back to List