Recurring |
one_organization, multiple_organization |
(a) The software failure incident has happened again at one_organization:
- The article mentions that the government of Suffolk County was plunged back into the 1990s after a malicious ransomware attack forced it largely offline [134900].
- It is highlighted that some county officials had voiced concerns over the state of the county’s security well before the attack and said they had been rebuffed, indicating a potential history of security concerns within the organization [134900].
(b) The software failure incident has happened again at multiple_organization:
- The article mentions that since 2017, more than 3,600 local, tribal, and state governments across the country were hit by ransomware hackers, indicating a widespread issue affecting multiple organizations [134900].
- The article also mentions that the hacking outfit responsible for the attack, BlackCat, has hit a wide range of targets worldwide, including Italy’s state-run electric utility, a Florida university, and a United States defense contractor, showing that multiple organizations have been attacked [134900]. |
Phase (Design/Operation) |
design, operation |
(a) The software failure incident in Suffolk County was primarily due to contributing factors introduced during the design and development phases. The malicious ransomware attack that hit the county's systems exploited vulnerabilities in the online systems that thread through more than 20 county agencies, from the police department to the Department of Social Services to the division of soil and water conservation [134900]. The attack revealed vulnerabilities in the way the county conducted its business online, indicating weaknesses in the design and development of its cybersecurity measures. Despite the county investing $6.5 million in cybersecurity initiatives since 2019 and conducting hacking simulations, weaknesses such as the absence of two-factor authentication were identified [134900].
(b) The software failure incident also involved contributing factors introduced during the operation phase. Following the attack, the county had to resort to manual processes and outdated methods of communication and data handling. Emergency dispatchers had to take down 911 calls by hand, police officers had to revert to radio transmissions for crime scene details, and office workers had to use fax machines due to the disabled email system [134900]. These operational challenges stemmed from the initial software failure caused by the ransomware attack, highlighting the impact of operational disruptions on the county's essential functions. |
Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident in Suffolk County was primarily caused by a malicious ransomware attack that targeted the county's online systems, leading to the compromise of computer systems across various county agencies [134900]. The incident began with the county's antivirus software detecting cybersecurity threats within the system, prompting a shutdown to contain the attack [134900]. Additionally, the lack of two-factor authentication, a standard security measure in the business world, was identified as a weakness in the county's cybersecurity measures [134900].
(b) outside_system: The ransomware attack on Suffolk County was orchestrated by a professional hacking outfit known as BlackCat, also referred to as ALPHV, which is an external threat actor targeting sensitive data and demanding ransom payments [134900]. The attackers were able to penetrate the county's systems and extract significant amounts of data, including personal information of Suffolk County citizens, which was later posted on the dark web [134900]. The attack highlighted vulnerabilities in the county's online business operations and the risks posed by external cyber threats [134900]. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in Suffolk County was primarily caused by non-human actions, specifically a malicious ransomware attack carried out by the hacking outfit known as BlackCat [134900]. The ransomware attack compromised the county's computer systems, leading to a shutdown of online systems and essential functions to contain the threat. The attack resulted in the county reverting to manual processes such as taking down 911 calls by hand, using fax machines, and suspending wire payments to contractors [134900].
(b) However, human actions also played a role in the software failure incident. Concerns had been raised by county officials about the state of the county's security prior to the attack, with requests for additional security measures like a separate firewall being made but not fully implemented [134900]. Additionally, the county's cybersecurity readiness was questioned, highlighting the need for proactive measures to prevent such incidents in the future [134900]. |
Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident in Suffolk County was primarily due to a hardware-related issue. The incident was caused by a malicious ransomware attack that compromised the county's computer systems, leading to the county being largely offline and unable to use their geolocation technology for 911 calls [134900].
(b) The software failure incident in Suffolk County was also influenced by software-related factors. The ransomware attack targeted the county's online systems; the county's antivirus software detected cybersecurity threats, leading to a shutdown of internet services to contain the attack [134900]. |
Objective (Malicious/Non-malicious) |
malicious, non-malicious |
(a) The software failure incident in Suffolk County was malicious in nature, as it was caused by a ransomware attack carried out by a professional hacking outfit known as BlackCat, also known as ALPHV. The attackers stole sensitive data and threatened to release it if a ransom was not paid. The attack resulted in the county being largely offline, with essential functions disrupted, such as emergency dispatchers having to take down 911 calls by hand and various county agencies being affected [134900].
(b) The software failure incident in Suffolk County was also non-malicious in the sense that it revealed vulnerabilities in the county's online business operations and cybersecurity measures. Despite the county investing $6.5 million in cybersecurity initiatives since 2019 and conducting hacking simulations, weaknesses remained, such as the lack of two-factor authentication. Additionally, the county was running on outdated legacy systems, which added to its vulnerability. The incident prompted the county to increase its cybersecurity budget and implement additional measures to enhance its security posture [134900]. |
Intent (Poor/Accidental Decisions) |
poor_decisions, accidental_decisions |
(a) The software failure incident in Suffolk County was primarily due to poor decisions made in terms of cybersecurity measures and readiness. Despite the county investing $6.5 million in cybersecurity initiatives since 2019 and conducting hacking simulations, weaknesses remained in the system. For example, two-factor authentication, a standard in the business world, was not in use until after the attack [134900].
(b) Additionally, there were accidental decisions or mistakes that contributed to the failure. For instance, concerns over the county's security were raised before the attack, but some officials had been rebuffed. The outgoing county clerk had requested a separate firewall for her office, and the request was rejected [134900]. |
Capability (Incompetence/Accidental) |
accidental |
(a) The software failure incident in Suffolk County was not attributed to development incompetence but rather to a malicious ransomware attack carried out by a professional hacking outfit known as BlackCat [134900].
(b) The software failure incident in Suffolk County was accidental in the sense that it was not caused by internal incompetence but rather by external malicious actors who exploited vulnerabilities in the county's systems [134900]. |
Duration |
temporary |
The software failure incident reported in Article 134900 was temporary. The incident involved a malicious ransomware attack that forced the government of Suffolk County offline, leading to a shutdown of various systems and services. Emergency dispatchers had to resort to taking down 911 calls by hand, police officers reverted to radioing in crime scene details, and office workers had to use fax machines as email was disabled for civil service workers [134900].
The temporary nature of the failure is evident from the fact that measures were taken to counter the threat, such as disabling email, scrubbing infected hardware, and turning off the internet to contain the attack. Additionally, external assistance was sought, and dispatchers from New York City were sent to help until the system could be restored [134900].
Overall, the software failure incident in Suffolk County was temporary, as efforts were made to mitigate the impact and restore functionality over time. |
Behaviour |
crash, omission, timing, value, other |
(a) crash: The software failure incident in Suffolk County was due to a malicious ransomware attack that forced the government largely offline, leading to emergency dispatchers taking down 911 calls by hand and police officers resorting to radioing in crime scene details instead of emailing reports. The county had to disable email for all civil service workers and scrub infected hardware to contain the attack, resulting in a situation where essential functions were snarled [134900].
(b) omission: The software failure incident resulted in the omission of essential functions such as dispatchers being unable to use computer-aided dispatch systems to automatically locate and record callers, leading to a need for dispatchers to take down 911 calls by hand [134900].
(c) timing: The software failure incident caused delays in essential services, such as 911 response times potentially lagging due to dispatchers being unable to use computer-aided dispatch systems, which automatically locate and record callers [134900].
(d) value: The software failure incident led to the performance of intended functions incorrectly, as seen in the case of the police having to resort to radio transmission to call in incidents instead of emailing reports from tablets at the scene [134900].
(e) byzantine: The software failure incident did not exhibit behaviors of a byzantine failure as described in the articles.
(f) other: The software failure incident also resulted in the need for reverting to outdated methods such as using fax machines, paper checks for payments to contractors, and offline title searches, showcasing a disruption in the normal functioning of the systems [134900]. |