Incident: Cyber-Attack on Go-Ahead's Bus Scheduling Software Impacts Services

Published Date: 2022-09-06

Postmortem Analysis
Timeline:
1. The software failure incident affecting Go-Ahead's bus services happened on a Sunday and became more widespread on a Monday [132630].
2. Published on 2022-09-06.
3. Estimated Timeline: The incident likely occurred on September 4, 2022.

System:
1. Software used to schedule bus drivers and services [132630]

Responsible Organization:
1. The cyber-attack was responsible for causing the software failure incident at Go-Ahead, affecting the scheduling software used for bus drivers and services [132630].

Impacted Organization:
1. Go-Ahead (UK's biggest transport company) [132630]

Software Causes:
1. Cyber-attack affecting software used to schedule bus drivers and services [132630]

Non-software Causes:
1. Cyber-attack affecting software used to schedule bus drivers and services [132630].

Impacts:
1. The software failure incident at Go-Ahead, a major UK transport company, affected the software used to schedule bus drivers and services, leading to disruptions in back office systems, bus services, and payroll software [132630].

Preventions:
1. Implementing robust cybersecurity measures such as regular security audits, penetration testing, and employee training to prevent cyber-attacks like the one experienced by Go-Ahead [132630].
2. Ensuring timely software updates and patches to address known vulnerabilities that could be exploited by cybercriminals [132630].
3. Utilizing multi-factor authentication and strong password policies to enhance the security of the software systems [132630].

Fixes:
1. Implementing robust cybersecurity measures to prevent future cyber-attacks on the software systems [132630].
2. Conducting regular security audits and vulnerability assessments to identify and address any weaknesses in the software infrastructure [132630].
3. Enhancing backup and disaster recovery systems to ensure quick restoration of services in case of a cyber-attack or system failure [132630].

References:
1. Go-Ahead company spokesperson
2. Information Commissioner’s Office in the UK
3. IBM
4. NHS supplier, Advanced
5. Australian bus operator Kinetic and infrastructure specialist Globalvia
6. Shareholders of Go-Ahead
7. Previous cyber-attacks on easyJet, British Airways, Marriott, banks, and telecoms companies [132630]

Software Taxonomy of Faults

Category: Recurring
Option: one_organization, multiple_organization
Rationale:
(a) The software failure incident has happened again at one_organization: Go-Ahead, one of the UK's biggest transport companies, is managing a cyber-attack that has affected software used to schedule bus drivers and services. This incident is similar to the cyber-attack incidents that have affected other organizations in the past, such as easyJet and British Airways [132630].
(b) The software failure incident has happened again at multiple_organization: The article mentions other organizations that have been affected by cyber-attacks in the past, including easyJet, British Airways, Marriott, banks, and telecoms companies. These incidents indicate a trend of cyber-attacks targeting various sectors and industries, not limited to just one organization [132630].

Category: Phase (Design/Operation)
Option: design
Rationale:
(a) The software failure incident reported in Article 132630 is related to the design phase. The incident was a cyber-attack that affected the software used to schedule bus drivers and services at Go-Ahead, a UK transport company. The company became aware of a fault on its server, which then escalated to affect several back office systems, including bus services and payroll software. Go-Ahead mentioned working with IBM to activate backup systems to ensure bus services can continue running despite the cyber-attack [132630].

Category: Boundary (Internal/External)
Option: within_system
Rationale:
(a) within_system: The software failure incident reported in Article 132630 is a cyber-attack on Go-Ahead, a UK transport company. The cyber-attack affected the software used to schedule bus drivers and services, as well as several back office systems including bus services and payroll software. The company mentioned that it was managing the cyber-attack and working with IBM to activate backup systems to ensure bus services can continue running [132630]. This indicates that the failure originated from within the system due to the cyber-attack on the software and internal systems.

Category: Nature (Human/Non-human)
Option: non-human_actions
Rationale:
(a) The software failure incident at Go-Ahead, a UK transport company, was due to a cyber-attack affecting the software used to schedule bus drivers and services. The cyber-attack impacted various back office systems, including bus services and payroll software. Go-Ahead mentioned working with IBM to activate backup systems to ensure bus services can continue running despite the cyber-attack [132630].
(b) The article does not provide specific information about the software failure incident being caused by human actions.

Category: Dimension (Hardware/Software)
Option: hardware, software
Rationale:
(a) The software failure incident reported in Article 132630 was due to a cyber-attack, which is a contributing factor originating in hardware. The cyber-attack affected the software used to schedule bus drivers and services at Go-Ahead, a UK transport company. The company mentioned that it became aware of a fault on its server, indicating that the attack targeted the hardware infrastructure supporting the software systems [132630].
(b) The software failure incident was also related to software issues. The cyber-attack impacted several back office systems, including bus services and payroll software, indicating that the software itself was compromised or affected by the attack. Go-Ahead mentioned that certain technology functions were unavailable due to the incident, highlighting the impact on the software operations [132630].

Category: Objective (Malicious/Non-malicious)
Option: malicious
Rationale:
(a) The software failure incident reported in Article 132630 is malicious in nature. It was a cyber-attack on Go-Ahead, a UK transport company, affecting software used to schedule bus drivers and services. The cyber-attack impacted several back office systems, including bus services and payroll software. Go-Ahead mentioned working with IBM to activate backup systems to ensure bus services can continue running despite the attack. The incident was serious enough for the company to inform regulators, including the Information Commissioner’s Office in the UK, about the attack [132630].

Category: Intent (Poor/Accidental Decisions)
Option: unknown
Rationale:
(a) The software failure incident at Go-Ahead, a UK transport company, was due to a cyber-attack affecting the software used to schedule bus drivers and services. The incident was not a result of accidental decisions but rather a deliberate attack on the company's systems [132630].

Category: Capability (Incompetence/Accidental)
Option: unknown
Rationale:
(a) The software failure incident reported in Article 132630 is related to a cyber-attack on Go-Ahead, a UK transport company. The cyber-attack affected the software used to schedule bus drivers and services, leading to disruptions in back office systems, including bus services and payroll software. The incident highlights the impact of cybersecurity threats on critical infrastructure and the importance of robust security measures to prevent such attacks [132630].
(b) The software failure incident at Go-Ahead was not accidental but rather a deliberate cyber-attack aimed at disrupting the company's operations. The attack was targeted at specific software systems used for scheduling bus drivers and services, indicating a deliberate attempt to cause disruption and potentially gain unauthorized access to sensitive information. This highlights the ongoing threat of cyber-attacks on organizations and the need for strong cybersecurity measures to protect against such incidents [132630].

Category: Duration
Option: temporary
Rationale:
The software failure incident reported in Article 132630 is temporary. The cyber-attack affected the software used to schedule bus drivers and services at Go-Ahead, a UK transport company. The company was able to activate backup systems to ensure its bus services could keep running despite certain technology functions being unavailable. The incident was managed, and the company expressed confidence in operating a comprehensive service the following day [132630].

Category: Behaviour
Option: other
Rationale:
(a) crash: The software failure incident in Article 132630 is related to a cyber-attack on Go-Ahead, a UK transport company, affecting software used to schedule bus drivers and services. The incident led to a fault on the server, affecting back office systems, including bus services and payroll software. The company had to work with IBM to activate backup systems to ensure bus services could continue running without disruption [132630].
(b) omission: There is no specific mention of the software omitting to perform its intended functions at an instance(s) in the provided article.
(c) timing: The incident did not involve the system performing its intended functions too late or too early.
(d) value: The software failure incident did not involve the system performing its intended functions incorrectly.
(e) byzantine: The incident did not involve the system behaving erroneously with inconsistent responses and interactions.
(f) other: The other behavior observed in this software failure incident is related to a cyber-attack compromising the software systems used for scheduling bus drivers and services, leading to disruptions in back office systems and necessitating the activation of backup systems to maintain bus services [132630].

IoT System Layer

Layer: Perception
Option: None
Rationale: None

Layer: Communication
Option: None
Rationale: None

Layer: Application
Option: None
Rationale: None

Other Details

Category: Consequence
Option: delay, non-human
Rationale:
(a) death: There is no mention of any deaths resulting from the software failure incident reported in the articles. [132630]
(b) harm: There is no mention of any physical harm to individuals resulting from the software failure incident reported in the articles. [132630]
(c) basic: There is no mention of people's access to food or shelter being impacted due to the software failure incident reported in the articles. [132630]
(d) property: The software failure incident affected the software used to schedule bus drivers and services, payroll software, and back office systems, indicating a potential impact on data and operational efficiency. However, there is no specific mention of people's material goods, money, or data being directly impacted. [132630]
(e) delay: The software failure incident led to disruptions in bus services and back office systems, which could have caused delays for passengers relying on the services. [132630]
(f) non-human: The software failure incident impacted the software systems used by Go-Ahead for scheduling bus drivers and services, payroll software, and back office systems. Non-human entities such as the software systems themselves were directly impacted by the incident. [132630]
(g) no_consequence: There were observed consequences of the software failure incident, including disruptions to bus services and back office systems. Therefore, the option of 'no_consequence' does not apply. [132630]
(h) theoretical_consequence: The articles do not mention any potential consequences discussed that did not actually occur as a result of the software failure incident. [132630]
(i) other: The articles do not provide information on any other specific consequences of the software failure incident beyond the disruptions to bus services and back office systems. [132630]

Category: Domain
Option: transportation
Rationale:
(a) The software failure incident reported in Article 132630 is related to the transportation industry. Go-Ahead, a major UK transport company, experienced a cyber-attack that affected the software used to schedule bus drivers and services. The incident impacted various back office systems, including bus services and payroll software, highlighting the transportation industry's reliance on software systems for efficient operations [132630].
