IT disaster recovery, cloud computing and information security news

Researchers warn that TRITON-like attacks are a genuine threat to industrial companies

Nozomi Networks’ Co-founder and Chief Product Officer Andrea Carcano has warned about the dangers of future TRITON-like attacks. At the recent Black Hat USA conference, Carcano presented a live recreation of the industry’s first direct attack on an industrial safety system, showing that creating the TRITON malware may have been much easier than originally thought, and shared new tools to help in the fight against TRITON. Carcano urged the community to unite on more aggressive efforts to address security gaps in critical operational networks.

“TRITON failed. However, now, with a deeper understanding of the attack, we believe the effort, skills and financial resources needed to create the Triton malware were not as high as originally thought. We also know the attacker could have just as easily succeeded in injecting the final payload,” Carcano said. “This realization, combined with the knowledge that a growing number of hackers have critical infrastructure in their sights, [means] we as a community must move quickly on all fronts to strengthen the cyber security culture for the entire industry.”

First reported in December 2017, the TRITON attack against a petrochemical processing plant in the Middle East had the potential to compromise the facility’s Triconex Safety Instrumented System (SIS) from Schneider Electric. Fortunately, the Tricon system detected an anomaly and behaved as it was supposed to, taking the plant to a safe state via a shutdown. TRITON is considered a milestone industrial cyber attack because it was the first to directly interact with, and control, a safety system, raising the risk that a cyber attack could lead to unpredictable and dangerous industrial plant conditions.

“It’s important to recognize that Triton-type attacks can be made against any industrial control and safety system anywhere in the world, no matter who designed, engineered, built or operates it,” said Nathalie Marcotte, Senior Vice President, Industry Services and Cybersecurity, Schneider Electric. “No single entity can solve this global issue; rather, end users, third-party suppliers, integrators, standards bodies, industry groups and government agencies must work together to help the global manufacturing industry withstand cyber attacks and protect the world’s most critical operations and the people and communities we all serve.”

Read a white paper on this issue: TRITON: The First ICS Cyberattack on Safety Instrument Systems (PDF).


