Incident: Ransomware Attack on Texas Communities' Computer Systems in 2019

Published Date: 2021-07-25

Postmortem Analysis
Timeline
1. The incident occurred in August 2019 [116849].

System
1. TSM Consulting Services' network security system
2. Screen-sharing software and remote administration tools
3. Municipal systems supporting city halls and police departments
4. Human-machine interface controlling the water supply in a North Texas city
5. Police server housing body-camera videos in Graham
6. Statewide law enforcement database access at Sheppard Air Force Base

Responsible Organization
1. The cyberattack on Texas communities was carried out by a Russia-based criminal syndicate affiliated with REvil [116849].

Impacted Organization
1. Borger's computer system, causing disruptions to government services, an inability to print checks, and police officers being unable to retrieve certain records [116849].
2. Sheppard Air Force Base, with temporary disruption of access to a statewide law enforcement database used for background checks [116849].
3. A small North Texas city, where the attack locked the "human-machine interface" used to control the water supply, forcing manual operation of the system [116849].
4. Graham, where the ransomware attack caused the loss of hundreds of body-camera videos stored on a police server [116849].

Software Causes
1. A ransomware attack on the computer systems of multiple Texas communities, including Borger, linked to a Russia-based criminal syndicate [116849].

Non-software Causes
1. Lack of cybersecurity protections in place to prevent cyberattacks [116849]
2. Human error or lack of awareness leading to the initial breach [116849]
3. Dependence on remote offsite backup for data recovery [116849]
4. Lack of immediate knowledge about which communities were affected, because the provider's client list was encrypted [116849]

Impacts
1. Workers were frozen out of files, printers spewed out demands for money, residents couldn't pay water bills, the government couldn't print checks, and police officers couldn't retrieve certain records in Borger and other Texas communities [116849].
2. Government services in Borger were disrupted, including the inability to process water bill payments (cutoffs were delayed) and loss of access to vital records such as birth and death certificates [116849].
3. A small North Texas city's water supply system was affected, forcing workers to operate it manually [116849].
4. In Graham, the ransomware attack caused the loss of hundreds of body-camera videos stored on a police server [116849].
5. Sheppard Air Force Base experienced temporary disruption of its access to a statewide law enforcement database used for background checks [116849].

Preventions
1. Implementing robust cybersecurity measures such as regular security audits, penetration testing, and network monitoring to detect and address vulnerabilities [116849].
2. Providing cybersecurity training and awareness programs so employees can recognize and avoid phishing attempts and other social engineering tactics [116849].
3. Ensuring secure, encrypted offsite backups of critical data to enable quick recovery after a ransomware attack [116849].
4. Requiring multi-factor authentication for access to sensitive systems and data, adding a layer of protection against unauthorized access [116849].

Fixes
1. Enhancing cybersecurity measures and investing in additional protections to prevent future cyberattacks like the ransomware incident in Borger, Texas [116849].

References
1. Thousands of pages of documents reviewed by The Associated Press [116849]
2. Interviews with people involved in the response [116849]

Software Taxonomy of Faults

Category: Recurring
Option: multiple_organization
Rationale: (a) The incident happening again at one_organization: the article does not say whether a similar incident recurred within the same organization or with its products and services, so this is unknown. (b) The incident happening again at multiple_organization: the article reports that nearly two dozen communities in Texas were hit by a cyberattack linked to a Russia-based criminal syndicate, indicating that similar incidents occurred at multiple organizations or cities within Texas [116849].

Category: Phase (Design/Operation)
Option: design
Rationale: (a) The incident in Borger, Texas, was primarily due to a cyberattack on the city's computer system, which froze workers out of files, caused printers to print ransom demands, and disrupted government services [116849]. This can be attributed to design-related factors introduced during system development and to vulnerabilities in the technology services that TSM Consulting Services provided to local governments. (b) The operation-related failure in Borger included residents being unable to pay water bills, the government being unable to print checks, and police officers having difficulty retrieving certain records [116849]. These operational disruptions were a direct result of the cyberattack on the city's systems and affected the day-to-day functioning of government services.

Category: Boundary (Internal/External)
Option: within_system, outside_system
Rationale: (a) within_system: the failure was primarily caused by factors originating from within the system. The attackers gained access to the networks through an attack on TSM Consulting Services, a Texas firm that provides technology services to local governments, and then used screen-sharing software and remote administration to seize control of the networks of some of the company's clients, disrupting government services in multiple Texas communities [116849]. (b) outside_system: the failure also involved contributing factors from outside the system. The cyberattack was linked to a Russia-based criminal syndicate, specifically the REvil group. The attackers, located half a world away, infiltrated the systems of various Texas cities and towns, disrupting government services and daily life for residents. The attack resulted from external threats posed by cybercriminals targeting vulnerable systems [116849].

Category: Nature (Human/Non-human)
Option: non-human_actions, human_actions
Rationale: (a) The failure was primarily due to non-human actions, specifically a cyberattack orchestrated by a Russia-based criminal syndicate. The ransomware encrypted government files, disrupted services, and demanded money from the affected cities [116849]. (b) Human actions also played a role: the attackers gained access to the networks through an attack on TSM Consulting Services, a Texas firm that provides technology services to local governments, and used screen-sharing software and remote administration to seize control of the networks of some of the company's clients, leading to the widespread impact on the Texas communities [116849].

Category: Dimension (Hardware/Software)
Option: hardware, software
Rationale: (a) Failure due to hardware: the ransomware attack on Texas communities in 2019 was initiated through an attack on TSM Consulting Services, a Texas firm that provides technology services to local governments. The attackers gained control of networks through screen-sharing software and remote administration, indicating a hardware-related vulnerability [116849]. (b) Failure due to software: the attack was primarily a software failure caused by the cyberattack orchestrated by a Russia-based criminal syndicate. It encrypted government files, disrupted services, and affected various systems, highlighting a software-related issue [116849].

Category: Objective (Malicious/Non-malicious)
Option: malicious
Rationale: (a) The incident was malicious in nature. It was a ransomware cyberattack that targeted multiple Texas communities, including Borger, with the objective of disrupting government services and extorting money from the victims. The attack was linked to a Russia-based criminal syndicate known as REvil, which gained access to the networks through a Texas firm providing technology services to local governments [116849]. The attackers encrypted government files, demanded ransom payments, and disrupted essential services such as water supply systems and law enforcement databases. The incident was a deliberate act aimed at causing harm and at financial gain for the attackers.

Category: Intent (Poor/Accidental Decisions)
Option: poor_decisions
Rationale: (a) The incident was primarily due to poor decisions made by the hackers who carried out the ransomware attack on multiple Texas communities. The hackers, affiliated with the Russia-based criminal syndicate REvil, gained access to the networks through an attack on TSM Consulting Services, a Texas firm providing technology services to local governments [116849]. The attack disrupted government services, including the ability to pay water bills, print checks, and access certain records. The city of Vernon received a ransom demand of $2.5 million but chose not to pay it [116849]. The attack also affected daily life in other ways, such as the loss of body-camera videos for the police department in Graham and the temporary disruption of Sheppard Air Force Base's access to a statewide law enforcement database [116849]. The incident highlighted the importance of cybersecurity measures and the consequences of poor decisions made by hackers targeting vulnerable systems.

Category: Capability (Incompetence/Accidental)
Option: accidental
Rationale: (a) The incident was not attributed to development incompetence. It was primarily caused by a cyberattack carried out by a Russia-based criminal syndicate targeting various Texas communities [116849]. (b) The incident was accidental in nature. The attack was initiated by hackers who gained access to the networks through an attack on a Texas firm providing technology services to local governments. It was not a result of incompetence but a deliberate and malicious act by the hackers [116849].

Category: Duration
Option: temporary
Rationale: (a) The incident was temporary. The ransomware attack on the Texas communities, including Borger, disrupted government services: workers were frozen out of files, printers printed ransom demands, and police officers were unable to retrieve certain records. However, most city services were restored within days, and the city invested in additional cybersecurity protections to prevent future incidents [116849]. (b) The failure was not permanent, as the affected cities were able to recover and restore their systems after the attack. The incident was temporary, caused by the cyberattack, and did not result in a permanent loss of data or functionality [116849].

Category: Behaviour
Option: omission, value, byzantine, other
Rationale: (a) crash: the ransomware attack on Borger's computer system froze workers out of files, caused printers to spew out demands for money, and disrupted various government services. Police officers were unable to retrieve certain records, residents were unable to pay water bills, and the government was unable to print checks [116849]. (b) omission: the attack took vital records like birth and death certificates offline and left the city unable to process water bill payments, although cutoffs were delayed. The police department also lost access to previous incident reports because government files were encrypted [116849]. (c) timing: the attackers gained access to networks in the early hours of the morning while most Texans were still asleep, which allowed them to burrow into networks and cause disruptions before being detected [116849]. (d) value: government files were encrypted, with their titles replaced by gibberish combinations of letters and symbols, rendering them inaccessible and unusable until the systems were restored [116849]. (e) byzantine: ransom demands appeared on printers and computer screens, and government files were encrypted with gibberish combinations of letters and symbols. This inconsistent system behavior, together with the attackers gaining control of networks through methods such as screen-sharing software and remote administration, demonstrates a byzantine failure scenario [116849]. (f) other: the attackers also targeted TSM Consulting Services, a Texas firm that provides technology services to local governments, and used it as a gateway to access and control the networks of some of the company's clients. This supply chain attack led to the broader system failure [116849].

IoT System Layer

Layer: Perception
Option: processing_unit, network_communication
Rationale: (a) The failure was not directly related to a sensor error, as far as the articles report. (b) The failure was not directly related to an actuator error, as far as the articles report. (c) The failure was related to a processing error: the software systems were hacked, freezing workers out of files, causing printers to spew out demands for money, and disrupting government services [116849]. (d) The failure was related to a network communication error: the hackers gained access through screen-sharing software and remote administration, seizing control of the networks of some clients of a Texas firm providing technology services to local governments [116849]. (e) The failure was not directly related to an embedded software error, as far as the articles report.

Layer: Communication
Option: connectivity_level
Rationale: The incident described in the article [116849] was related to the connectivity level of the cyber physical system. The failure was caused by a cyberattack that targeted the networks and systems of various local governments in Texas, disrupting government services, encrypting files, and affecting critical functions such as water supply systems and law enforcement databases. The attackers gained access to networks through screen-sharing software and remote administration, indicating a breach at the network or transport layer of the cyber physical system. The incident highlighted vulnerabilities in the connectivity layer, leading to disruptions in daily operations and the need for enhanced cybersecurity measures to prevent future attacks.

Layer: Application
Option: TRUE
Rationale: The incident described in the article [116849] was a ransomware cyberattack that affected various Texas communities. It was initiated through an attack on TSM Consulting Services, a Texas firm that provides technology services to local governments. The attackers gained control of networks through screen-sharing software and remote administration, indicating that the failure was related to the application layer of the cyber physical system, as it involved bugs and unauthorized access to systems [116849].

Other Details

Category: Consequence
Option: property
Rationale: (d) property: people's material goods, money, or data were impacted by the software failure. The incident had significant property-related consequences. The ransomware attack froze workers out of files, caused printers to spew out demands for money, encrypted government files, and took vital records like birth and death certificates offline. It also affected the police department's ability to access previous incident reports, disrupting daily operations [116849].

Category: Domain
Option: government
Rationale: (a) The failed system belonged to the government sector. Multiple Texas communities, including Borger, were hit by a cyberattack that disrupted government services such as water bill payments, check printing, and police record retrieval [116849]. The attack affected various government functions, highlighting the vulnerability of municipal services to cyber threats.
