Incident: Cyber Attack on ACME Chemical Company's Computer Network.

Published Date: 2011-10-01

Postmortem Analysis
Timeline:
1. The software failure incident happened during a cyber attack exercise as part of a weeklong training program offered by the Department of Homeland Security to industries [7840].
2. The incident was part of a demonstration for reporters attending a two-day media event that ended on a Friday [7840].
3. The article was published on 2011-10-01, so the incident likely occurred in September 2011.

System:
The system that failed in the software failure incident described in the article is:
1. ACME chemical company's computer network security system [7840]

Responsible Organization:
1. The BAD hacker from Barney Advanced Domestic (BAD) Chemical Co was responsible for causing the software failure incident at the ACME chemical company [7840].

Impacted Organization:
1. ACME chemical company [7840]

Software Causes:
1. The software cause of the failure incident was a cyber attack where hackers infiltrated the chemical company's computer network through a phishing attack, leading to the breach and disruption of operations [7840].

Non-software Causes:
1. Lack of cybersecurity awareness and training within the company [7840]
2. Human error in clicking on a phishing email leading to a breach [7840]
3. Insufficient network defenses and firewall protection [7840]
4. Inadequate delegation of responsibilities and unclear response policies within the company [7840]

Impacts:
1. The software failure incident led to a breach in the chemical company's computer network by hackers, resulting in the loss of control over the network [7840].
2. The breach caused the chemicals being mixed to spill out of white vats into a metal basin underneath, indicating a disruption in operations and potential safety hazards [7840].

Preventions:
1. Implementing robust cybersecurity measures such as multi-factor authentication, intrusion detection systems, and regular security audits could have prevented the software failure incident [7840].
2. Conducting regular employee training on cybersecurity best practices, including how to identify and avoid phishing attacks, could have helped prevent the breach [7840].
3. Enforcing strict policies regarding clicking on links in emails and ensuring employees are aware of the risks associated with such actions could have mitigated the vulnerability exploited by the hackers [7840].

Fixes:
1. Implementing stronger email security measures to prevent phishing attacks like the one that allowed the hacker to gain access to the CEO's computer system [7840].
2. Conducting regular cybersecurity training and exercises for employees to raise awareness and improve response to cyber attacks [7840].
3. Establishing clear policies and procedures for responding to cyber attacks within the company [7840].
4. Continuously evolving and updating cybersecurity defenses to stay ahead of evolving hacker methodologies [7840].

References:
1. Department of Homeland Security (DHS) [7840]
2. Idaho National Laboratory [7840]

Software Taxonomy of Faults

| Category | Option | Rationale |
| --- | --- | --- |
| Recurring | multiple_organization | (a) The software failure incident related to the cyber attack on the ACME chemical company in Idaho Falls was part of a training exercise conducted by the Department of Homeland Security. The incident involved hackers infiltrating the company's computer network through a phishing attack, leading to a breach in the system and causing disruptions in operations [7840]. (b) The article mentions that the Department of Homeland Security conducts these training exercises about once a month for various industries, including representatives from the energy, oil and gas, and transportation sectors. This indicates that similar incidents or exercises may have occurred at multiple organizations in different sectors to raise awareness about dealing with cyber attacks [7840]. |
| Phase (Design/Operation) | design, operation | (a) The software failure incident in the article can be attributed to the design phase. The incident occurred when hackers infiltrated the chemical company's computer network by exploiting a vulnerability in the system's design. The breach was initiated through a phishing attack that tricked the CEO into clicking on a malicious link, which then allowed the hacker to access the system and obtain sensitive information [7840]. (b) Additionally, the software failure incident can also be linked to the operation phase. The CEO's action of clicking on the email link, which led to the breach, can be considered an operational error or misuse of the system. This action contributed to the success of the hacker in penetrating the network and causing the software failure incident [7840]. |
| Boundary (Internal/External) | within_system | (a) within_system: The software failure incident described in the article is within the system. The failure occurred due to a cyber attack where hackers infiltrated the chemical company's computer network by penetrating the firewall through a phishing attack [7840]. The incident involved the malicious software opening a tunnel for the hacker to access the computer system and find the CEO's password, leading to the breach and subsequent spillage of chemicals [7840]. The failure was a result of vulnerabilities within the system that allowed the hackers to gain unauthorized access and disrupt operations. |
| Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident in the article was primarily due to non-human actions, specifically a cyber attack by hackers infiltrating the chemical company's computer network [7840]. The hackers used a phishing attack to penetrate the company's firewall and gain access to the system, leading to the breach and subsequent spillage of chemicals [7840]. (b) Human actions also played a role in the software failure incident as the CEO of the company clicked on a malicious link in an email, which allowed the hackers to enter the network [7840]. The CEO's decision to click on the link was a contributing factor introduced by human actions that facilitated the cyber attack. |
| Dimension (Hardware/Software) | software | (a) The software failure incident reported in the article was not due to hardware issues but rather due to a cyber attack by hackers infiltrating the chemical company's computer network [7840]. The incident involved the hackers penetrating the company's firewall through a phishing attack, exploiting vulnerabilities in the software systems rather than hardware components. (b) The software failure incident was primarily caused by contributing factors originating in software, specifically through the exploitation of vulnerabilities in the company's computer network by the hackers [7840]. The malicious software used by the hackers opened a tunnel into the computer system, allowing them to access sensitive information and disrupt operations. |
| Objective (Malicious/Non-malicious) | malicious | (a) The software failure incident described in the article is malicious in nature. It involved hackers infiltrating the chemical company's computer network with the intent to disrupt operations and steal sensitive information. The hackers used phishing attacks to gain access to the system and cause disruptions, indicating a deliberate attempt to harm the company [7840]. |
| Intent (Poor/Accidental Decisions) | poor_decisions | (a) The software failure incident in the article was primarily due to poor decisions made by the CEO of the ACME chemical company. The CEO clicked on a malicious link in an email that led to a hacker gaining access to the company's computer network. This poor decision allowed the hacker to penetrate the firewall and compromise the system, resulting in a breach and the spillage of chemicals [7840]. |
| Capability (Incompetence/Accidental) | accidental | (a) The software failure incident in the article was not due to development incompetence but rather a deliberate cyber attack by hackers who infiltrated the chemical company's computer network [7840]. (b) The software failure incident was accidental in the sense that the CEO of the fictitious ACME chemical company clicked on a malicious link in an email, unknowingly allowing the hacker to penetrate the system and find the CEO's password, leading to the breach [7840]. |
| Duration | temporary | (a) The software failure incident described in the article was temporary. It was part of a cyber attack exercise conducted by the Department of Homeland Security to train industries on dealing with intrusions into their computer networks. The exercise, which usually lasts 12 hours, was compressed into two hours for a demonstration for reporters attending a media event [7840]. |
| Behaviour | crash, other | (a) crash: The software failure incident described in the article can be categorized as a crash. The incident involved hackers infiltrating a chemical company's computer network, causing the system to lose control and the firm's experts running around trying to regain control [7840]. (b) omission: The software failure incident does not specifically mention a failure due to the system omitting to perform its intended functions at an instance(s). (c) timing: The software failure incident does not specifically mention a failure due to the system performing its intended functions correctly, but too late or too early. (d) value: The software failure incident does not specifically mention a failure due to the system performing its intended functions incorrectly. (e) byzantine: The software failure incident does not specifically mention a failure due to the system behaving erroneously with inconsistent responses and interactions. (f) other: The software failure incident involved a cyber attack scenario of industrial espionage where the system was compromised through a phishing attack, leading to a breach that caused chemicals to spill out of vats into a metal basin [7840]. |

IoT System Layer

| Layer | Option | Rationale |
| --- | --- | --- |
| Perception | None | None |
| Communication | None | None |
| Application | None | None |

Other Details

| Category | Option | Rationale |
| --- | --- | --- |
| Consequence | property, unknown | (a) unknown (b) unknown (c) unknown (d) The consequence of the software failure incident was related to property damage. The breach led to the chemicals being mixed spilling out of white vats into a metal basin underneath [7840]. (e) unknown (f) unknown (g) unknown (h) unknown (i) unknown |
| Domain | manufacturing | (a) The failed system was intended to support the manufacturing industry. The incident involved a chemical company, ACME, which had built a new chemical product that was targeted by a competitor, Barney Advanced Domestic (BAD) Chemical Co, in an act of industrial espionage [7840]. |

Sources
