Hackers Attack Industrial Safety Systems with New Malware
Industrial security company FireEye reported on December 14 that an attacker had deployed malware dubbed “Triton” or “Trisis” to disrupt safety instrumented systems (SIS) at a Middle East critical infrastructure facility. The exact location and name of the facility is being withheld at this time.
The Triton malware is aimed at critical safety systems used by oil and gas, nuclear energy, and manufacturing plants. The creators of the safety shutdown system targeted by the malware attack have released a security notification that includes cybersecurity recommendations for potentially affected customers.
This week, the Department of Homeland Security released a report on the TRITON/TRISIS malware.
While this is not the first time hacking has been used to disrupt industry or government facilities, Triton—initially identified in August 2017—is the first type of malware built specifically to attack safety systems, according to web security firm Symantec.
Security company Dragos has published a report on the newly identified malware threat as well.
The Triton malware employed in this attack can impact safety instrumented systems (SIS) in three major ways:
What Can Industrial Security Malware Do?
- Shut down an industrial process that was running safely, harming the facility’s production output and bottom line. This also has environmental consequences, as releases from industrial equipment are often more pronounced during start-up and shut-down.
- Re-program the SIS to prevent it from recognizing unsafe conditions, putting people and the environment in danger—most immediately those employees who work around the automated process who may be injured by an unexpected release of hazardous chemicals or stored energy
- Manipulating the industrial process into an unsafe state and disabling the SIS, putting workers, the environment, and the company’s equipment in great danger.
Effective Online OSHA Safety Training
Available 24/7, Lion’s interactive OSHA safety training courses are designed to satsify OSHA's 29 CFR safety standards and empower workers to identify, mitigate, and avoid the hazards in your workplace.
Employees who complete OSHA training at Lion.com are ready to make on-the-job decisions that keep themselves and their co-workers safe. Our 10 Hour OSHA General Industry course focuses on hazard identification, avoidance, and control and prevention measures and includes several modules on electrical safety.
Find a Post
I really enjoyed this training. Even after years on both sides of the comprehension coin, I find myself still learning! The quality of the delivery exceeded much of the training I have received in the past.
Excellent. I learned more in two days with Lion than at a 5-day program I took with another provider.
Lion is my preferred trainer for hazmat and DOT.
One of the best trainings I have ever received!
The training was impressive. I am not a fan of online training but this was put together very well. I would recommend Lion to others.
The instructor was probably the best I ever had! He made the class enjoyable, was humorous at times, and very knowledgeable.
Mary Sue Michon
The instructor does a great job at presenting material in an approachable way. I have been able to save my company about $30,000 in the last year with what I have learned from Lion!
I can take what I learned in this workshop and apply it to everyday work and relate it to my activities.
This was the 1st instructor that has made the topic actually enjoyable and easy to follow and understand. Far better than the "other" training providers our company has attended!
Process & Resource Administrator
Having the tutorial buttons for additional information was extremely beneficial.
Download Our Latest Whitepaper
Just starting out with shipping lithium batteries? Not before you can answer the four fundamental questions form this guide.