| Recurring |
one_organization, multiple_organization |
(a) The software failure incident has happened again at one_organization:
The Royal Bank of Scotland (RBS) experienced a cyber-attack that caused IT problems, preventing customers from accessing their bank accounts for the second time in a week. The incident was unrelated to a previous systems meltdown that occurred on Monday [55634].
(b) The software failure incident has happened again at multiple_organization:
Other US banks, such as Citigroup and Bank of America, have also been victims of similar denial of service attacks aimed at high-profile institutions to cause disruption. JP Morgan, the biggest US bank, reported being hit by a different type of cyber-attack as well [55634]. |
| Phase (Design/Operation) |
design |
(a) The software failure incident at the Royal Bank of Scotland was related to the design phase. The incident was attributed to a cyber-attack, specifically a distributed denial of service (DDoS) attack, which overwhelmed the bank's servers with useless requests, causing difficulties for customers accessing their online accounts [55634].
(b) The software failure incident was not related to the operation phase but rather to a deliberate cyber-attack that targeted the bank's systems, causing disruption in customer access to online accounts [55634]. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident at the Royal Bank of Scotland was primarily caused by a cyber-attack, specifically a distributed denial of service (DDoS) attack. The bank mentioned that the surge in internet traffic directed at their website caused difficulties for customers accessing their online accounts. This attack overwhelmed the bank's servers, leading to the disruption of services. Additionally, previous software failures at the bank, such as a botched software upgrade in June 2012, indicate internal system issues that have contributed to past incidents [55634].
(b) outside_system: The software failure incident at the Royal Bank of Scotland was triggered by external factors, specifically a deliberate cyber-attack in the form of a DDoS attack. The attack involved thousands of computers under the control of an external attacker overwhelming the bank's servers with useless requests, causing the system to come to a standstill. This external attack was aimed at causing maximum disruption to high-profile institutions like RBS. Additionally, the article mentions concerns from city regulators about the security of banks' IT systems, indicating external scrutiny and potential threats to the system from outside sources [55634]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
- The Royal Bank of Scotland experienced IT problems due to a cyber-attack, specifically a distributed denial of service (DDoS) attack, which overwhelmed the bank's servers with useless requests, causing difficulties for customers accessing their online accounts [55634].
- The bank mentioned that the surge in internet traffic directed at the NatWest website was deliberate and not a result of internal system issues [55634].
(b) The software failure incident occurring due to human actions:
- The bank's new chief executive, Ross McEwan, attributed the problems to decades of under-investment in IT, indicating a potential human factor in the failure [55634].
- Union leaders blamed cost-cutting for the IT problems experienced by the bank, suggesting that human actions related to financial decisions may have contributed to the software failure incident [55634]. |
| Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident occurring due to hardware:
- The article mentions a botched software upgrade in June 2012 that left RBS with a £175m bill for compensation for up to 13 million customers. This incident was attributed to a hardware-related issue, as it resulted from a software upgrade gone wrong, indicating contributing factors originating in hardware [55634].
(b) The software failure incident occurring due to software:
- The main software failure incident reported in the article is attributed to a cyber-attack, specifically a distributed denial of service (DDoS) attack, which overwhelmed the bank's systems and prevented customers from accessing their accounts. This incident is clearly linked to software-related factors, as it involved deliberate targeting of the bank's online services through internet traffic manipulation [55634]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident reported in Article 55634 was malicious in nature. The Royal Bank of Scotland attributed the IT problems that prevented customers from accessing their bank accounts to a cyber-attack, specifically a distributed denial of service (DDoS) attack. The bank stated that there was a deliberate surge of internet traffic directed at their website, causing difficulties for customers to access their online accounts. Additionally, the article mentions that other high-profile institutions like US banks had been victims of similar attacks aimed at causing maximum disruption [55634]. |
| Intent (Poor/Accidental Decisions) |
unknown |
(a) The software failure incident at the Royal Bank of Scotland was primarily attributed to a cyber-attack, specifically a distributed denial of service (DDoS) attack. The bank mentioned that the surge in internet traffic directed at their website was deliberate, indicating an external attack aimed at disrupting their services [55634].
(b) The incident does not indicate any contributing factors introduced by accidental decisions or mistakes. The focus is on the deliberate nature of the cyber-attack and the subsequent actions taken to restore the affected websites and services. |
| Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident at the Royal Bank of Scotland was not directly attributed to development incompetence. However, it mentioned a botched software upgrade in June 2012 that left RBS with a £175m bill for compensation for up to 13 million customers, indicating a failure related to software development [55634].
(b) The software failure incident at the Royal Bank of Scotland was primarily attributed to a cyber-attack, specifically a distributed denial of service (DDoS) attack, which overwhelmed the bank's servers with useless requests, causing difficulties for customers accessing their online accounts. This incident was not accidental but rather a deliberate attack on the bank's systems [55634]. |
| Duration |
temporary |
The software failure incident reported in Article 55634 was temporary. The incident involved a cyber-attack in the form of a distributed denial of service (DDoS) attack that caused difficulties for customers accessing the NatWest website. The bank took appropriate action to restore the affected websites, and the problem was largely fixed in just over half an hour [55634]. |
| Behaviour |
other |
(a) crash: The software failure incident mentioned in the article is not specifically described as a crash where the system loses state and does not perform any of its intended functions [55634].
(b) omission: The incident does not directly mention the failure as an omission where the system omits to perform its intended functions at an instance(s) [55634].
(c) timing: The incident does not indicate that the failure was due to the system performing its intended functions correctly but too late or too early [55634].
(d) value: The failure is not attributed to the system performing its intended functions incorrectly [55634].
(e) byzantine: The incident does not suggest that the failure was due to the system behaving erroneously with inconsistent responses and interactions [55634].
(f) other: The behavior of the software failure incident in the article is attributed to a cyber-attack, specifically a distributed denial of service (DDoS) attack, which overwhelmed the bank's servers with useless requests, causing difficulties in accessing customer websites [55634]. |