Loss of Safety
| Loss of Safety | |
|---|---|
| Technique | |
| ID | T0880 |
| Tactic | Impact |
Description
Adversaries may cause loss of safety whether on purpose or as a consequence of actions taken to accomplish an operation. The loss of safety can describe a physical impact and threat, or the potential for unsafe conditions and activity in terms of control systems environments, devices, or processes. For instance, an adversary may issue commands or influence and possibly inhibit safety mechanisms that allow the injury of and possible loss of life. This can also encompass scenarios resulting in the failure of a safety mechanism or control, that may lead to unsafe and dangerous execution and outcomes of physical processes and related systems.123
The German Federal Office for Information Security (BSI) reported a targeted attack on a steel mill in its 2014 IT Security Report.4 These targeted attacks affected industrial operations and resulted in breakdowns of control system components and even entire installations. As a result of these breakdowns, massive impact resulted in damage and unsafe conditions from the uncontrolled shutdown of a blast furnace.
A Polish student used a remote controller device to interface with the Lodz city tram system in Poland.567 Using this remote, the student was able to capture and replay legitimate tram signals. As a consequence, four trams were derailed and twelve people injured due to resulting emergency stops.6 The track controlling commands issued may have also resulted in tram collisions, a further risk to those on board and nearby the areas of impact.7
Procedure Examples
- Industroyer contained a module which leveraged a vulnerability in the Siemens SIPROTEC relays (CVE-2015-5374) to create a Denial of Service against automated protective relays.8
- Triton has the capability to reprogram the SIS logic to allow unsafe conditions to persist or reprogram the SIS to allow an unsafe state – while using the DCS to create an unsafe state or hazard.9
Mitigations
- Mechanical Protection Layers - Protection devices should have minimal digital components to prevent exposure to related adversarial techniques. Examples include interlocks, rupture disks, release valves, etc.10
- Safety Instrumented Systems - Utilize Safety Instrumented Systems (SIS) to provide an additional layer of protection to hazard scenarios that may cause property damage.
References
- ^ Corero. (n.d.). Industrial Control System (ICS) Security. Retrieved November 4, 2019.
- ^ Michael J. Assante and Robert M. Lee. (n.d.). The Industrial Control System Cyber Kill Chain. Retrieved November 4, 2019.
- ^ Tyson Macaulay. (n.d.). RIoT Control: Understanding and Managing Risks and the Internet of Things. Retrieved November 4, 2019.
- ^ Bundesamt für Sicherheit in der Informationstechnik (BSI) (German Federal Office for Information Security). (2014). Die Lage der IT-Sicherheit in Deutschland 2014 (The State of IT Security in Germany). Retrieved October 30, 2019.
- ^ John Bill. (2017, May 12). Hacked Cyber Security Railways. Retrieved October 17, 2019.
- a b Shelley Smith. (2008, February 12). Teen Hacker in Poland Plays Trains and Derails City Tram System. Retrieved October 17, 2019.
- a b Bruce Schneier. (2008, January 17). Hacking Polish Trams. Retrieved October 17, 2019.
- ^ Dragos. (2018, October 12). Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE. Retrieved October 14, 2019.
- ^ Blake Johnson, Dan Caban, Marina Krotofil, Dan Scali, Nathan Brubaker, Christopher Glyer. (2017, December 14). Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure. Retrieved January 12, 2018.
- ^ A G Foord, W G Gulland, C R Howard, T Kellacher, W H Smith. (2004). APPLYING THE LATEST STANDARD FOR FUNCTIONAL SAFETY — IEC 61511. Retrieved September 17, 2020.
