| Recurring |
one_organization, multiple_organization |
(a) The software failure incident having happened again at one_organization:
Pennsylvania State University's College of Engineering has been the target of two "highly sophisticated" cyberattacks over the last two years [36277]. This incident indicates a recurrence of software failure within the same organization.
(b) The software failure incident having happened again at multiple_organization:
The article mentions that the cyberattacks on Penn State are part of a long line of cyberattacks on US universities, citing hacks into databases at the University of California, Los Angeles, the University of Southern California, and the University of Maryland [36277]. This suggests that similar incidents have happened at multiple organizations in the education sector. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident at Pennsylvania State University's College of Engineering was primarily due to a "sophisticated" cyberattack originating from China. The attack compromised usernames and passwords of over 18,000 individuals, highlighting a failure in the design phase of the system's security measures [36277].
(b) The operation phase of the system was also impacted as the cyberattack led to the need to disconnect the College of Engineering's computer network from the Internet while they recover their systems. This operational disruption indicates a failure in the operation phase of maintaining the system's functionality [36277]. |
| Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident at Pennsylvania State University's College of Engineering was a result of a "sophisticated" cyberattack originating from within the system itself. The university revealed that it was the target of two highly sophisticated cyberattacks over the last two years, with at least one of the assaults traced back to China [36277].
(b) outside_system: The cyberattack on the College of Engineering was initiated externally, with investigators determining that at least one of the attacks originated from China. This indicates that the contributing factors leading to the software failure incident came from outside the system [36277]. |
| Nature (Human/Non-human) |
non-human_actions |
(a) The software failure incident at Pennsylvania State University's College of Engineering was due to non-human actions, specifically a "sophisticated" cyberattack originating from China [36277]. The cyberattack targeted the university's computer network, leading to unauthorized access to usernames and passwords of over 18,000 individuals. The attack did not involve human error but rather external malicious actors exploiting vulnerabilities in the system. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident at Pennsylvania State University's College of Engineering was not attributed to hardware issues. The incident was a result of a "sophisticated" cyberattack originating from China, as stated by University President Eric Barron [36277].
(b) The software failure incident was due to contributing factors that originated in software, specifically as a result of cyberattacks on the university's computer network. The cyberattacks compromised usernames and passwords of over 18,000 individuals, leading to a breach of personal information. The university took steps to investigate the breach and disconnected its computer network from the Internet during the recovery process [36277]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident at Pennsylvania State University's College of Engineering was malicious in nature. The incident was identified as a "sophisticated" cyberattack, with at least one of the assaults originating from China [36277]. The cyberattack targeted the university's system with the intent to access sensitive information and intellectual property. The attackers gained unauthorized access to usernames and passwords of more than 18,000 individuals, indicating a deliberate attempt to breach the system's security and potentially cause harm [36277]. The involvement of highly skilled cyber criminals and the connection to international threat actors further support the malicious nature of the software failure incident [36277]. |
| Intent (Poor/Accidental Decisions) |
unknown |
(a) The software failure incident at Pennsylvania State University's College of Engineering was not due to poor decisions but rather a "sophisticated" cyberattack originating from China. The university president mentioned that the cybercriminals behind the attack were "well-funded and highly skilled" and that such attacks are becoming more common in the current global environment of cybercrime and cyberespionage [36277].
(b) The incident was not a result of accidental decisions but a deliberate and targeted cyberattack on the university's systems. The attack was described as highly sophisticated, indicating a deliberate and planned effort by cybercriminals to breach the university's network security [36277]. |
| Capability (Incompetence/Accidental) |
accidental |
(a) The software failure incident related to development incompetence is not explicitly mentioned in the provided article. Therefore, it is unknown if the incident was due to contributing factors introduced due to lack of professional competence by humans or the development organization.
(b) The software failure incident related to accidental factors is evident in the article. The incident at Pennsylvania State University's College of Engineering was a result of two "highly sophisticated" cyberattacks over the last two years [36277]. The attacks were described as being carried out by well-funded and highly skilled cyber criminals who have become brazen in their attacks on a wide range of businesses and government agencies. The university president mentioned that no computer network can ever be completely, 100 percent secure in the current environment of cybercrime and cyberespionage. The incident was discovered through an investigation initiated after the FBI alerted the university of the cyberattack in November 2014. The university then hired a security firm to investigate the breach, leading to the discovery that at least one of the attacks originated from China. |
| Duration |
permanent |
(a) The software failure incident in this case is more of a permanent nature. The cyberattacks on Pennsylvania State University's College of Engineering were described as "sophisticated" and "highly sophisticated," indicating that the contributing factors introduced by these attacks were significant and long-lasting [36277]. The university had to take steps to protect themselves from future cybercrime and cyberespionage, recognizing that no computer network can ever be completely secure. Additionally, the university disconnected its computer network from the Internet during the recovery process, which suggests a significant and lasting impact from the cyberattacks. |
| Behaviour |
other |
(a) crash: The software failure incident in this case did not involve a crash where the system loses state and does not perform any of its intended functions. The incident was related to a cyberattack compromising personal information at Pennsylvania State University's College of Engineering [36277].
(b) omission: The software failure incident did not involve the system omitting to perform its intended functions at an instance(s). Instead, it was a case of a cyberattack compromising user data [36277].
(c) timing: The software failure incident was not related to the system performing its intended functions too late or too early. It was a case of a cyberattack compromising sensitive information [36277].
(d) value: The software failure incident did not involve the system performing its intended functions incorrectly. It was a case of a cyberattack compromising personal information [36277].
(e) byzantine: The software failure incident did not exhibit a byzantine behavior where the system behaves erroneously with inconsistent responses and interactions. It was a case of a cyberattack compromising user data [36277].
(f) other: The software failure incident was primarily due to a sophisticated cyberattack compromising personal information at Pennsylvania State University's College of Engineering. The incident highlighted the increasing threat of cybercrime and cyberespionage faced by organizations in the modern digital landscape [36277]. |