Incident: Data Breach at US Border: Perceptics Cyberattack Details Revealed

Published Date: 2019-06-21

Postmortem Analysis

Timeline
1. The software failure incident, a cyberattack on the subcontractor working with US Customs and Border Protection, happened in May [86015]. Therefore, the incident occurred in May 2019.

System
1. Perceptics license plate scanner system
2. CBP subcontractor network
3. CBP data transfer policies [Cited Article: 86015]

Responsible Organization
1. Tennessee-based Perceptics was responsible for the software failure incident: as the subcontractor working with US Customs and Border Protection, it transferred images from the agency to its own network, where the cyberattack occurred [86015].

Impacted Organization
1. US Customs and Border Protection (CBP) [86015]
2. Perceptics (the subcontractor) [86015]

Software Causes
1. The software cause of the failure incident was a cyberattack on the subcontractor's network, leading to the theft of sensitive data including government agency contracts, budget spreadsheets, and PowerPoint presentations [86015].

Non-software Causes
1. Violation of agency policies by the subcontractor in transferring images from the CBP to its own network, which exposed the data to the attack [86015].

Impacts
1. Sensitive data, including government agency contracts, budget spreadsheets, and PowerPoint presentations, was stolen from the CBP subcontractor, Perceptics [86015].

Preventions
1. Implementing strict access controls and encryption protocols to protect sensitive data during transfer [86015].
2. Conducting regular security audits and assessments to identify vulnerabilities and address them promptly [86015].
3. Enforcing strict adherence to data handling policies and procedures to prevent unauthorized transfers and access [86015].

Fixes
1. Implementing stricter data transfer policies and controls to prevent unauthorized transfers of sensitive data from government agencies to subcontractors' networks [86015].
2. Enhancing cybersecurity measures, such as encryption and access controls, to protect sensitive data stored on subcontractors' networks [86015].
3. Conducting regular security audits and assessments to identify vulnerabilities and potential risks in the data transfer processes between government agencies and subcontractors [86015].

References
1. US Customs and Border Protection (CBP) [86015]
2. The Washington Post [86015]
3. Perceptics [86015]

Software Taxonomy of Faults

Recurring
Option: one_organization
Rationale: (a) The software failure incident related to the cyberattack on the subcontractor working with US Customs and Border Protection (CBP) happened at the same organization, CBP. This incident involved the theft of sensitive data, including government agency contracts, budget spreadsheets, and PowerPoint presentations, from the CBP subcontractor, Perceptics [86015]. (b) There is no information in the provided article about the software failure incident happening again at multiple organizations.

Phase (Design/Operation)
Option: design
Rationale: (a) The software failure incident in this case can be attributed to a design-related issue. The subcontractor, Perceptics, transferred images from the CBP to its own network, which is where the cyberattack occurred. This transfer was deemed a violation of CBP's policies, indicating a flaw in the design or implementation of the system's data transfer process [86015]. (b) The operation of the system did not seem to be the primary contributing factor to the software failure incident reported in the articles. The focus was more on the unauthorized transfer of data by the subcontractor, Perceptics, rather than on operational misuse of the system [86015].

Boundary (Internal/External)
Option: within_system, outside_system
Rationale: (a) within_system: The software failure incident involving the cyberattack on the subcontractor working with US Customs and Border Protection was primarily due to factors originating from within the system. The article mentions that the subcontractor, Perceptics, transferred images from the CBP to its own network, which is where the attack occurred. This transfer was stated to be a violation of the agency's policies, indicating an internal system issue [86015]. (b) outside_system: The software failure incident also involved factors originating from outside the system. Hackers were able to breach the system and steal sensitive data, including government agency contracts, budget spreadsheets, and PowerPoint presentations. The stolen data was later found on the dark web, indicating an external threat that exploited vulnerabilities in the system [86015].

Nature (Human/Non-human)
Option: non-human_actions
Rationale: (a) The software failure incident in this case occurred due to non-human actions, specifically a cyberattack on the subcontractor's network in which sensitive data was stolen by hackers [86015]. The attack resulted in the theft of various types of data beyond just photographs, including government agency contracts, budget spreadsheets, and PowerPoint presentations. The stolen data was later found on the dark web, indicating that the breach was not caused by human error but rather by external malicious actors.

Dimension (Hardware/Software)
Option: hardware, software
Rationale: (a) The software failure incident in Article 86015 occurred due to contributing factors that originate in hardware. The subcontractor, Perceptics, responsible for the license plate scanners used at the US border, transferred images from the CBP agency to its own network, where the cyberattack took place. This transfer of images from the hardware (license plate scanners) to the subcontractor's network was a violation of CBP's policies, leading to the breach and theft of sensitive data [86015]. (b) The software failure incident in Article 86015 also had contributing factors that originated in software. The cyberattack on the subcontractor's network resulted in the theft of sensitive data, including government agency contracts, budget spreadsheets, and PowerPoint presentations. This indicates a vulnerability in the software systems or network security of the subcontractor, allowing hackers to access and steal such critical information [86015].

Objective (Malicious/Non-malicious)
Option: malicious
Rationale: (a) The software failure incident in Article 86015 was malicious in nature. Hackers conducted a cyberattack on a subcontractor working with US Customs and Border Protection, stealing sensitive data including government agency contracts, budget spreadsheets, and PowerPoint presentations. The stolen data was later found on the dark web, indicating malicious intent to harm the system [86015].

Intent (Poor/Accidental Decisions)
Option: poor_decisions
Rationale: (a) The software failure incident involving the cyberattack on the subcontractor working with US Customs and Border Protection was partly due to poor decisions. The subcontractor, Perceptics, transferred images from the agency to its own network, which was against CBP's policies. This decision to transfer sensitive data to its network contributed to the vulnerability that led to the cyberattack [86015].

Capability (Incompetence/Accidental)
Option: accidental
Rationale: (a) The software failure incident in Article 86015 does not directly point to development incompetence as the cause of the cyberattack. It primarily focuses on the cyberattack itself and the data stolen from the subcontractor working with US Customs and Border Protection. (b) The software failure incident in Article 86015 seems to be more aligned with an accidental failure. The cyberattack on the subcontractor, Perceptics, in which sensitive data including government agency contracts and budget spreadsheets was stolen, appears to have occurred unintentionally. The article does not suggest that the cyberattack was a result of intentional actions by the subcontractor or CBP.

Duration
Option: temporary
Rationale: The software failure incident reported in Article 86015 was temporary. The incident involved a cyberattack on a subcontractor working with US Customs and Border Protection, resulting in the theft of sensitive data such as government agency contracts, budget spreadsheets, and PowerPoint presentations. The stolen data was found on the dark web after the attack occurred. The incident is being actively investigated by CBP, and measures are being taken to monitor for any unauthorized disclosure of data. This indicates that the failure was temporary and not permanent [86015].

Behaviour
Option: other
Rationale:
(a) crash: The software failure incident in the article does not specifically mention a crash where the system loses state and does not perform any of its intended functions [86015].
(b) omission: The incident does not describe a failure due to the system omitting to perform its intended functions at one or more instances [86015].
(c) timing: The incident does not involve a failure due to the system performing its intended functions correctly, but too late or too early [86015].
(d) value: The software failure incident in the article does not involve a failure due to the system performing its intended functions incorrectly [86015].
(e) byzantine: The incident does not describe a failure due to the system behaving erroneously with inconsistent responses and interactions [86015].
(f) other: The behavior of the software failure incident in the article is related to a cyberattack in which hackers stole sensitive data from the CBP subcontractor, including government agency contracts, budget spreadsheets, and PowerPoint presentations. This behavior falls under the category of a security breach rather than a specific software failure mode [86015].

IoT System Layer

Perception
Option: None
Rationale: None

Communication
Option: None
Rationale: None

Application
Option: None
Rationale: None

Other Details

Consequence
Option: property
Rationale: (d) property: People's material goods, money, or data was impacted due to the software failure. The software failure incident involving the cyberattack on the subcontractor working with US Customs and Border Protection resulted in the theft of sensitive data, including government agency contracts, budget spreadsheets, and PowerPoint presentations. This data was stolen from the CBP subcontractor, Tennessee-based Perceptics, and was found on the dark web after the attack occurred. The stolen data indicates a direct impact on property, specifically data belonging to the government agency and the subcontractor [86015].

Domain
Option: information, government
Rationale:
(a) The failed system was intended to support the information industry, as the incident involved the theft of sensitive data, government agency contracts, budget spreadsheets, and PowerPoint presentations from the CBP subcontractor's database [86015].
(b) There is no specific mention of the transportation industry in the articles.
(c) There is no specific mention of the natural resources industry in the articles.
(d) There is no specific mention of the sales industry in the articles.
(e) There is no specific mention of the construction industry in the articles.
(f) There is no specific mention of the manufacturing industry in the articles.
(g) There is no specific mention of the utilities industry in the articles.
(h) There is no specific mention of the finance industry in the articles.
(i) There is no specific mention of the knowledge industry in the articles.
(j) There is no specific mention of the health industry in the articles.
(k) There is no specific mention of the entertainment industry in the articles.
(l) The failed system was directly related to the government industry, as the cyberattack targeted a subcontractor working with US Customs and Border Protection and involved the theft of government agency contracts and sensitive data [86015].
(m) There is no specific mention of any other industry in the articles.

Sources
