Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to targeting industrial control systems with malware, specifically exploiting underlying software in PLCs known as Codesys, has happened again at Schneider Electric and OMRON [126863].
(b) The software failure incident related to targeting industrial control systems with malware has also happened at other organizations beyond Schneider Electric and OMRON, as the malware could easily be adapted to work in almost any industrial environment, affecting critical infrastructure owners worldwide [126863]. |
Phase (Design/Operation) |
design |
(a) The software failure incident described in the articles is related to the design phase. The incident involves malware designed to target industrial control systems like power grids, factories, water utilities, and oil refineries. The malware contains components designed to disrupt or take control of the functioning of devices, including programmable logic controllers (PLCs) sold by Schneider Electric and OMRON. It exploits underlying software in those PLCs known as Codesys, which is used broadly across hundreds of other types of PLCs, making it adaptable to work in almost any industrial environment [126863].
(b) The software failure incident is not related to the operation phase or misuse of the system. |
Boundary (Internal/External) |
outside_system |
The software failure incident described in the article [126863] is primarily categorized as an outside_system failure. The incident involves the discovery of a new hacker toolkit named "Pipedream" that targets industrial control systems like power grids, factories, water utilities, and oil refineries. The malware toolkit was developed by an unnamed "APT actor," potentially a state-sponsored hacker group, and is designed to disrupt or take control of industrial control system equipment, including programmable logic controllers (PLCs) and Open Platform Communications Unified Architecture (OPC UA) servers. The malware exploits underlying software vulnerabilities in PLCs such as those from Schneider Electric and OMRON, which are widely used across various industries, making it adaptable to almost any industrial environment. The article highlights that the malware toolkit has not yet been deployed for disruptive or destructive effects on victims' industrial control systems, indicating an external threat to the system originating from outside sources. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in this case is related to non-human actions, specifically the discovery of a malware toolkit named Pipedream that was designed to target industrial control systems like power grids, factories, water utilities, and oil refineries [126863]. This malware toolkit contains components designed to disrupt or take control of devices, including programmable logic controllers (PLCs) and Open Platform Communications Unified Architecture (OPC UA) servers. The malware has the ability to hijack target devices, disrupt operators' access, permanently brick devices, and potentially give hackers access to other parts of an industrial control system network. The malware exploits underlying software in PLCs known as Codesys, which is used broadly across various types of PLCs, making it adaptable to work in almost any industrial environment. The malware was developed by an unnamed "APT actor," indicating an advanced persistent threat, possibly state-sponsored hacker groups [126863].
(b) The failure due to human actions in this case is related to the development and deployment of the malware toolkit by the APT actor. While the specific origin of the malware is not clear, the timing of the advisory follows warnings from the Biden administration about potential disruptive cyberattacks, particularly in the midst of the Russian invasion of Ukraine. The malware toolkit, although not yet deployed for disruptive or destructive effects, poses a significant threat to industrial control systems, with the potential to cause destruction or loss of life in critical infrastructure such as power grids and oil refineries [126863]. |
Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident related to hardware:
- The article discusses a malware toolkit named Pipedream that targets industrial control systems, including programmable logic controllers (PLCs) sold by Schneider Electric and OMRON, which are hardware components used in industrial environments [126863].
(b) The software failure incident related to software:
- The article highlights that the Pipedream malware toolkit exploits underlying software in PLCs known as Codesys, which is used across various types of PLCs, indicating a software-related vulnerability [126863]. |
Objective (Malicious/Non-malicious) |
malicious |
(a) The objective of the software failure incident was malicious, as it involved the discovery of a malware toolkit named "Pipedream" designed to target industrial control systems like power grids, factories, water utilities, and oil refineries. The malware was described as a comprehensive industrial control system attack tool with the ability to disrupt or take control of devices, including programmable logic controllers (PLCs) and Open Platform Communications Unified Architecture (OPC UA) servers. The malware was designed to hijack target devices, disrupt operators' access, brick devices, and potentially provide hackers access to other parts of industrial control system networks. The malware exploited underlying software vulnerabilities in PLCs, particularly targeting Schneider Electric and OMRON PLCs, with the potential to be adapted for various industrial environments [126863].
(b) The software failure incident was non-malicious in the sense that the malware had not yet been deployed for disruptive or destructive effects on any victim's industrial control systems. While the malware was sophisticated and capable of causing significant harm, there was no evidence that it had triggered actual physical effects on any industrial control systems at the time of discovery. The discovery of the malware and the subsequent advisory issued by government agencies aimed to raise awareness and provide protective measures for infrastructure operators to safeguard their operations against potential threats posed by the malware [126863]. |
Intent (Poor/Accidental Decisions) |
poor_decisions |
The intent of the software failure incident described in the articles is related to poor_decisions. The incident involves the discovery of a malware toolkit named Pipedream that is designed to target industrial control systems, including PLCs from Schneider Electric and OMRON, as well as OPC UA servers. The malware is described as a sophisticated and expansive industrial control system attack tool with the ability to disrupt or take control of devices, potentially causing significant damage to critical infrastructure such as power grids and oil refineries [126863]. |
Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident related to development incompetence is evident in the article as it discusses the discovery of a new hacker toolkit called "Pipedream" that targets industrial control systems. The malware was designed to target a wide range of industrial control system equipment, including programmable logic controllers (PLCs) from Schneider Electric and OMRON. The malware exploits underlying software in those PLCs known as Codesys, which is used broadly across hundreds of other types of PLCs, indicating a lack of professional competence in securing these systems [126863].
(b) The software failure incident related to accidental factors is not explicitly mentioned in the article. |
Duration |
temporary |
The software failure incident described in the article is temporary. The malware toolkit named "Pipedream" has the ability to disrupt or take control of industrial control system equipment, including programmable logic controllers (PLCs) and Open Platform Communications Unified Architecture (OPC UA) servers [126863]. The malware has not yet triggered actual physical effects on a victim's industrial control systems, indicating that the failure is temporary and has not caused permanent damage [126863]. |
Behaviour |
other |
(a) crash: The software failure incident described in the article does not involve a crash where the system loses state and does not perform any of its intended functions [126863].
(b) omission: The incident does not involve a failure due to the system omitting to perform its intended functions at an instance(s) [126863].
(c) timing: The incident does not involve a failure due to the system performing its intended functions correctly, but too late or too early [126863].
(d) value: The incident does not involve a failure due to the system performing its intended functions incorrectly [126863].
(e) byzantine: The incident does not involve a failure due to the system behaving erroneously with inconsistent responses and interactions [126863].
(f) other: The behavior of the software failure incident described in the article is related to a sophisticated malware toolkit designed to target industrial control systems, potentially disrupting or taking control of devices, including PLCs and OPC UA servers. The malware, named "Pipedream," is described as a comprehensive industrial control system attack tool with the ability to hijack target devices, disrupt operators' access, brick devices, and potentially give hackers access to other parts of the network. It is noted that the malware exploits multiple zero-day vulnerabilities and is adaptable to work in various industrial environments, posing a significant threat to critical infrastructure systems [126863]. |