Lion.com will be offline from 5 PM to 6 PM ET on Friday, February 27, for planned updates. Online training support is available via support@lion.com.
Search

Hackers Attack Industrial Safety Systems with New Malware

Posted on 12/18/2017 by Roger Marks

Malware-Blog.jpgWhile industrial cyber-security is not our typical fare here at Lion News, a recent attack on an industrial facility safety system could be of concern to our readers.

Industrial security company FireEye reported on December 14 that an attacker had deployed malware dubbed “Triton” or “Trisis” to disrupt safety instrumented systems (SIS) at a Middle East critical infrastructure facility. The exact location and name of the facility is being withheld at this time.

The Triton malware is aimed at critical safety systems used by oil and gas, nuclear energy, and manufacturing plants. The creators of the safety shutdown system targeted by the malware attack have released a security notification that includes cybersecurity recommendations for potentially affected customers.

This week, the Department of Homeland Security released a report on the TRITON/TRISIS malware.
 
While this is not the first time hacking has been used to disrupt industry or government facilities, Triton—initially identified in August 2017—is the first type of malware built specifically to attack safety systems, according to web security firm Symantec. 

Security company Dragos has published a report on the newly identified malware threat as well.


What Can Industrial Security Malware Do?

The Triton malware employed in this attack can impact safety instrumented systems (SIS) in three major ways:
  1. Shut down an industrial process that was running safely, harming the facility’s production output and bottom line. This also has environmental consequences, as releases from industrial equipment are often more pronounced during start-up and shut-down.
  2. Re-program the SIS to prevent it from recognizing unsafe conditions, putting people and the environment in danger—most immediately those employees who work around the automated process who may be injured by an unexpected release of hazardous chemicals or stored energy
  3. Manipulating the industrial process into an unsafe state and disabling the SIS, putting workers, the environment, and the company’s equipment in great danger.
Note: For regular reports about chemical facility security, Lion News staff recommends Patrick Coyle’s Chemical Facility Security News blog.


Effective Online OSHA Safety Training

Available 24/7, Lion’s interactive OSHA safety training courses are designed to satsify OSHA's 29 CFR safety standards and empower workers to identify, mitigate, and avoid the hazards in your workplace.

Employees who complete OSHA training at Lion.com are ready to make on-the-job decisions that keep themselves and their co-workers safe. Our 10 Hour OSHA General Industry course focuses on hazard identification, avoidance, and control and prevention measures and includes several modules on electrical safety.

Tags: chemicals, facility security, osha, safety, security, security plan

Find a Post

Recent Posts

Compliance Topics

Compliance Archives

Lion - Quotes

I attended training from another provider and learned absolutely nothing. Lion is much better. Hands down.

Nicole Eby

Environmental Specialist

The instructor was probably the best I ever had! He made the class enjoyable, was humorous at times, and very knowledgeable.

Mary Sue Michon

Environmental Administrator

The instructor clearly enjoys his job and transmits that enthusiasm. He made a dry subject very interesting and fun.

Teresa Arellanes

EHS Manager

Very good. I have always appreciated the way Lion Tech develops, presents and provides training and materials.

John Troy

Environmental Specialist

Lion courses always set the bar for content, reference, and practical application. Membership and access to the experts is an added bonus.

John Brown, CSP

Director of Safety & Env Affairs

Very well structured, comprehensive, and comparable to live training seminars I've participated in previously. I will recommend the online course to other colleagues with training requirement needs.

Neil Luciano

EHS Manager

No comparison. Lion has the best RCRA training ever!!

Matt Sabine

Environmental Specialist

Lion is at the top of the industry in compliance training. Course content and structure are updated frequently to make annual re-training enjoyable. I like that Lion has experts that I can contact for 1 year after the training.

Caroline Froning

Plant Chemist

The instructor does a great job at presenting material in an approachable way. I have been able to save my company about $30,000 in the last year with what I have learned from Lion!

Curtis Ahonen

EHS&S Manager

The instructor made the class enjoyable. He presented in a very knowledgeable, personable manner. Best class I've ever attended. Will take one again.

John Nekoloff

Environmental Compliance Manager

Download Our Latest Whitepaper

Find out what makes DOT hazmat training mandatory for employees who sign the hazardous waste manifest, a “dually regulated” document for tracking shipments.

Download
Latest Whitepaper

By submitting your phone number, you agree to receive recurring marketing and training text messages. Consent to receive text messages is not required for any purchases. Text STOP at any time to cancel. Message and data rates may apply. View our Terms & Conditions and Privacy Policy.