Cyber Risk to Mission Case Study: Triton

Jeffries, Blaine; Saravia, Stephanie; Carter, Cedric; Ankuda, Zachary

Cyber Risk to Mission Case Study: Triton

Active / Technical Report | Accesssion Number: AD1183008 |

Open PDF

Abstract:

In August of 2017, TRITON malware was used to target and disrupt Safety Instrumented System (SIS) controllers within a Saudi petrochemical refinery. A SIS controls critical processes that support safety and reliability within a control system. Fortunately, the targeted SIS initiated a safe shutdown when code validation failed, triggering an internal investigation that uncovered the malware. This is one of the few publicly reported incidents of control system malware designed to inflict physical damage and the first that targeted a SIS.

Author(s):

Jeffries, Blaine ; Saravia, Stephanie ; Carter, Cedric ; Ankuda, Zachary

Author Organization(s):

MITRE CORP BEDFORD MA

Funding Organization(s):

OFFICE OF THE UNDER SECRETARY OF DEFENSE RESEARCH AND ENGINEERING WASHINGTON DC, WASHINGTON DC , DC

Document Type:

Technical Report/Technical Paper

Publication Date:

2022 Oct 13

Pagination:

8

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution Code:

A - Approved For Public Release

Distribution Statement: Public Release

RECORD

Collection: TRECMS

Identifying Numbers

Contract Number(s):

W56KGU-18-D-0004

Subject Terms

Modernization Areas:

Cyber

Communities of Interest:

Cyber

Descriptor(s):

control systems, cyberattacks, critical infrastructure, governments, detection, industrial control systems, load monitoring, department of defense, electrical grids, government employees, infrastructure, new york, nuclear fuels, saudi arabia, security, targeting

Keyword(s):

critical infrastructure protection, computer security, sis controllers, safety instrument system, trisis/hatman

Subject Categories:

Mathematical and Computer Sciences

Creation Date:

2022 Oct 25

Update Date:

2023 Feb 02