Incident: Cybersecurity Breach at German Nuclear Power Plant by Computer Viruses

Published Date: 2016-04-26

Postmortem Analysis
Timeline:
1. The software failure incident at the nuclear power plant in Germany happened on an unspecified date prior to the article's publication on April 26, 2016 [43469].

System:
1. Computer system retrofitted in 2008 with data visualization software associated with equipment for moving nuclear fuel rods at Gundremmingen's B unit [43469]
2. Office computers maintained separately from the plant's operating systems where malware was found on 18 removable data drives, mainly USB sticks [43469]

Responsible Organization:
1. Malware such as "W32.Ramnit" and "Conficker" caused the software failure incident at the Gundremmingen nuclear power plant in Germany [43469].

Impacted Organization:
1. The Gundremmingen nuclear power plant in Germany was impacted by the software failure incident involving computer viruses [43469].

Software Causes:
1. The software causes of the failure incident at the nuclear power plant in Germany were computer viruses, specifically the "W32.Ramnit" and "Conficker" viruses, which were found in the plant's computer systems and removable data drives [43469].

Non-software Causes:
1. The presence of computer viruses, including "W32.Ramnit" and "Conficker", on removable data drives, mainly USB sticks, in office computers maintained separately from the plant's operating systems [43469].
2. The insertion of an infected USB computer drive into the network at a U.S. power company, which led to a computer virus attacking a turbine control system and keeping a plant offline for three weeks [43469].

Impacts:
1. The computer viruses, including "W32.Ramnit" and "Conficker," were found at the Gundremmingen nuclear power plant in Germany, affecting a computer system retrofitted in 2008 with data visualization software associated with equipment for moving nuclear fuel rods [43469].
2. Malware was also discovered on 18 removable data drives, mainly USB sticks, in office computers maintained separately from the plant's operating systems, leading to concerns about potential data theft and unauthorized access [43469].
3. The incident prompted RWE, the operator of the nuclear power plant, to increase cyber-security measures to prevent future breaches and protect critical infrastructure [43469].
4. The Federal Office for Information Security (BSI) in Germany was informed about the incident and was working with IT specialists at the group to investigate the matter further [43469].
5. The incident highlighted the vulnerability of critical infrastructure to cyber threats, with infections of critical infrastructure being surprisingly common, although they may not always pose immediate danger unless specifically targeted [43469].

Preventions:
1. Implementing strict network isolation protocols to prevent any external connections to critical infrastructure systems, as seen in the case of the nuclear power plant in Germany [43469].
2. Enforcing robust cybersecurity measures, such as regular malware scans, software updates, and employee training on cybersecurity best practices to prevent malware infections via removable data drives like USB sticks [43469].
3. Conducting thorough security audits and assessments of all computer systems, including those associated with critical infrastructure, to proactively identify and address vulnerabilities that could be exploited by malware [43469].

Fixes:
1. Implementing strict air-gapping measures to ensure critical infrastructure systems are isolated from the internet, as seen in the case of the nuclear power plant in Germany [43469].
2. Enhancing cybersecurity measures, such as regular malware scans, network monitoring, and employee training on cybersecurity best practices to prevent malware infections through USB drives and other means [43469].
3. Collaborating with government cybersecurity agencies like Germany's Federal Office for Information Security (BSI) to investigate and address the software failure incident [43469].
4. Conducting regular cybersecurity audits and assessments to identify vulnerabilities and strengthen the overall security posture of critical infrastructure systems [43469].

References:
1. RWE (German utility company) - The articles gather information about the software failure incident from the operator of the Gundremmingen nuclear power plant, RWE [43469].

Software Taxonomy of Faults

Category: Recurring
Option: multiple_organization
Rationale:
(a) The software failure incident of a nuclear power plant being infected with computer viruses has happened before at another organization. In 2013, a computer virus attacked a turbine control system at a U.S. power company after a technician inserted an infected USB computer drive into the network, keeping a plant offline for three weeks [43469].
(b) The incident of critical infrastructure being infected with computer viruses is surprisingly common. Mikko Hypponen, chief research officer for F-Secure, mentioned that infections of critical infrastructure were surprisingly common, although they were generally not dangerous unless the plant had been targeted specifically. He gave an example of a European aircraft maker that found malware in the cockpits of its planes due to factory employees charging their phones with the USB port in the cockpit, which spread the malware to the planes [43469].

Category: Phase (Design/Operation)
Option: design, operation
Rationale:
(a) The software failure incident related to the design phase can be seen in the article. The incident at the nuclear power plant in Germany was due to computer viruses infecting the system. The viruses, including "W32.Ramnit" and "Conficker," were discovered in a computer system retrofitted in 2008 with data visualization software associated with equipment for moving nuclear fuel rods [43469]. This indicates a failure in the design phase where the system was vulnerable to malware attacks due to the software and systems in place.
(b) The software failure incident related to the operation phase is evident in the article as well. Malware was found on 18 removable data drives, mainly USB sticks, in office computers maintained separately from the plant’s operating systems. This suggests a failure in the operation phase where the misuse of removable data drives introduced the malware into the system [43469].

Category: Boundary (Internal/External)
Option: within_system
Rationale:
(a) The software failure incident at the nuclear power plant in Germany was within_system. The viruses, including "W32.Ramnit" and "Conficker", were discovered within the plant's computer systems and removable data drives [43469]. The malware was found in a computer system retrofitted in 2008 with data visualization software associated with equipment for moving nuclear fuel rods, as well as on removable data drives like USB sticks in office computers maintained separately from the plant's operating systems. This indicates that the failure originated from within the plant's systems.

Category: Nature (Human/Non-human)
Option: non-human_actions, human_actions
Rationale:
(a) The software failure incident at the nuclear power plant in Germany was primarily due to non-human actions. Computer viruses, including "W32.Ramnit" and "Conficker," infected the plant's systems and removable data drives, mainly USB sticks, without direct human involvement. These viruses were designed to steal files, spread through networks, and give attackers remote control over systems [43469].
(b) However, human actions also played a role in the incident. The malware was found on removable data drives, mainly USB sticks, in office computers maintained separately from the plant's operating systems. This suggests that human actions, such as using infected USB drives in the office computers, contributed to the spread of the viruses within the plant's systems [43469].

Category: Dimension (Hardware/Software)
Option: hardware, software
Rationale:
(a) The software failure incident related to hardware:
- The article mentions that the computer viruses, including "W32.Ramnit" and "Conficker," were discovered in a computer system retrofitted in 2008 with data visualization software associated with equipment for moving nuclear fuel rods at the Gundremmingen plant [43469].
- Malware was also found on 18 removable data drives, mainly USB sticks, in office computers maintained separately from the plant’s operating systems [43469].
- A computer virus attacked a turbine control system at a U.S. power company after a technician inserted an infected USB computer drive into the network, keeping a plant offline for three weeks [43469].
(b) The software failure incident related to software:
- The viruses "W32.Ramnit" and "Conficker" are software-based threats that target Microsoft Windows software and are designed to steal files or give remote control over a system [43469].
- The malware spread to the planes only because factory employees were charging their phones with the USB port in the cockpit, indicating a software-based vulnerability [43469].

Category: Objective (Malicious/Non-malicious)
Option: malicious
Rationale:
(a) The software failure incident at the nuclear power plant in Germany was malicious in nature. Computer viruses, including "W32.Ramnit" and "Conficker," were found in the plant's computer systems, with the intention to steal files, give remote control to attackers, and spread through networks and removable data drives [43469]. The incident involved malware being intentionally introduced into the system to compromise its security and potentially gain control over critical infrastructure.

Category: Intent (Poor/Accidental Decisions)
Option: poor_decisions, accidental_decisions
Rationale:
(a) The intent of the software failure incident related to poor_decisions:
- The software failure incident at the nuclear power plant in Germany was due to poor decisions related to cyber-security measures. The viruses were discovered in a computer system retrofitted in 2008 with data visualization software associated with equipment for moving nuclear fuel rods. Additionally, malware was found on removable data drives, mainly USB sticks, in office computers maintained separately from the plant’s operating systems [43469].
(b) The intent of the software failure incident related to accidental_decisions:
- The software failure incident at the nuclear power plant in Germany also involved accidental decisions or unintended actions. For example, the Conficker virus, which was one of the viruses found, is able to spread through networks and by copying itself onto removable data drives. This indicates that the spread of the virus may have been unintentional or accidental [43469].

Category: Capability (Incompetence/Accidental)
Option: development_incompetence, accidental
Rationale:
(a) The software failure incident at the nuclear power plant in Germany, where computer viruses were found in the system, could be attributed to development incompetence. The viruses, including "W32.Ramnit" and "Conficker," were discovered in a computer system retrofitted in 2008 with data visualization software associated with equipment for moving nuclear fuel rods [43469]. This indicates a lack of professional competence in ensuring the security and integrity of the software systems used in critical infrastructure like nuclear power plants.
(b) Additionally, the incident involving malware on removable data drives, mainly USB sticks, in office computers maintained separately from the plant’s operating systems, could be considered accidental. The malware was found on these drives, which were used by employees, indicating an accidental introduction of the malicious software into the system [43469].

Category: Duration
Option: temporary
Rationale:
The software failure incident reported in the articles can be categorized as a temporary failure. The incident at the nuclear power plant in Germany involved the discovery of computer viruses, specifically "W32.Ramnit" and "Conficker," in the plant's computer systems [43469]. The viruses were found in a computer system retrofitted in 2008 with data visualization software associated with equipment for moving nuclear fuel rods, as well as on removable data drives in office computers maintained separately from the plant's operating systems. The operator of the plant, RWE, increased cyber-security measures in response to the incident [43469]. This incident was temporary in nature as it was caused by specific circumstances, such as the introduction of infected data drives and the vulnerabilities of the systems to certain malware, rather than being a permanent failure inherent to all circumstances.

Category: Behaviour
Option: other
Rationale:
(a) crash: The software failure incident in the article does not involve a crash where the system loses state and does not perform any of its intended functions. The viruses found at the nuclear power plant did not cause the system to crash or stop functioning ([43469]).
(b) omission: The software failure incident does not involve omission where the system omits to perform its intended functions at an instance(s). The viruses found at the plant did not lead to the system omitting any of its intended functions ([43469]).
(c) timing: The software failure incident does not involve timing issues where the system performs its intended functions correctly but too late or too early. The incident is not related to timing failures ([43469]).
(d) value: The software failure incident does not involve the system performing its intended functions incorrectly. The viruses found at the plant did not cause the system to perform its functions incorrectly ([43469]).
(e) byzantine: The software failure incident does not involve a byzantine behavior where the system behaves erroneously with inconsistent responses and interactions. The incident is not characterized by inconsistent responses or interactions ([43469]).
(f) other: The software failure incident in the article is related to the presence of computer viruses, specifically "W32.Ramnit" and "Conficker," which were discovered in the plant's computer systems. The incident highlights the importance of cybersecurity measures and the potential risks associated with malware infections in critical infrastructure systems ([43469]).

IoT System Layer

Layer: Perception
Option: network_communication
Rationale:
(a) sensor: The software failure incident at the nuclear power plant in Germany was not directly related to sensor errors. The viruses, including "W32.Ramnit" and "Conficker," were found in a computer system retrofitted in 2008 with data visualization software associated with equipment for moving nuclear fuel rods [43469].
(b) actuator: The incident did not involve actuator errors as the viruses were discovered in a computer system associated with data visualization software and not directly linked to actuator functions [43469].
(c) processing_unit: The failure was not attributed to errors in the processing unit. The viruses were found in a computer system retrofitted with data visualization software, indicating a different aspect of the system was affected [43469].
(d) network_communication: The software failure incident involved network communication errors as the viruses, including "W32.Ramnit" and "Conficker," were discovered in a computer system retrofitted with data visualization software, and malware was also found on removable data drives, mainly USB sticks, in office computers maintained separately from the plant’s operating systems [43469].
(e) embedded_software: The failure incident was not directly linked to errors in embedded software. The viruses were discovered in a computer system retrofitted with data visualization software associated with equipment for moving nuclear fuel rods, indicating a different layer of the system was affected [43469].

Layer: Communication
Option: connectivity_level
Rationale:
The software failure incident reported in the article [43469] was not related to the communication layer of the cyber physical system that failed. The incident involved the infection of a nuclear power plant's computer systems with viruses like "W32.Ramnit" and "Conficker," which were discovered in a computer system retrofitted with data visualization software associated with moving nuclear fuel rods. The malware was also found on removable data drives in office computers maintained separately from the plant's operating systems. The focus was on cyber-security measures and the potential threat posed by the viruses, rather than a failure at the communication layer of the cyber physical system.

Layer: Application
Option: FALSE
Rationale:
The software failure incident at the nuclear power plant in Germany, where computer viruses were discovered, does not seem to be related to the application layer of the cyber physical system. The incident involved viruses such as "W32.Ramnit" and "Conficker" being found in the computer system retrofitted in 2008 with data visualization software associated with equipment for moving nuclear fuel rods [43469]. This indicates that the failure was more related to malware infecting the system rather than issues stemming from bugs, operating system errors, unhandled exceptions, or incorrect usage typically associated with the application layer of a system.

Other Details

Category: Consequence
Option: non-human, theoretical_consequence
Rationale:
(a) death: People lost their lives due to the software failure - There is no mention of any deaths resulting from the software failure incident at the nuclear power plant in Germany [43469].
(b) harm: People were physically harmed due to the software failure - The article does not mention any physical harm to individuals as a result of the software failure incident at the nuclear power plant [43469].
(c) basic: People's access to food or shelter was impacted because of the software failure - The incident at the nuclear power plant did not impact people's access to food or shelter [43469].
(d) property: People's material goods, money, or data was impacted due to the software failure - The software failure incident at the nuclear power plant involved malware infecting computer systems and removable data drives, but there is no mention of people's material goods, money, or data being directly impacted [43469].
(e) delay: People had to postpone an activity due to the software failure - There is no mention of any activities being postponed due to the software failure incident at the nuclear power plant [43469].
(f) non-human: Non-human entities were impacted due to the software failure - The software failure incident at the nuclear power plant involved malware infecting the plant's computer systems and removable data drives, indicating that non-human entities (computer systems) were impacted [43469].
(g) no_consequence: There were no real observed consequences of the software failure - The incident at the nuclear power plant did have consequences, such as the discovery of viruses in the computer systems, increased cybersecurity measures, and involvement of authorities like the Federal Office for Information Security [43469].
(h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur - The article mentions that infections of critical infrastructure are common but generally not dangerous unless specifically targeted. It discusses the potential risks associated with malware spreading through networks and removable data drives but does not mention any actual harmful consequences in this specific incident [43469].
(i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? - There are no other consequences mentioned in the article beyond those related to the malware infection and cybersecurity measures taken in response to the incident at the nuclear power plant in Germany [43469].

Category: Domain
Option: utilities
Rationale:
(a) The failed system was related to the utilities industry, specifically a nuclear power plant in Germany [43469].

Sources
