Earlier this month, Nozomi Networks warned Black Hat conference attendees that they likely have not seen the last of TRITON-like cyberattacks. During a live recreation of the first direct attack on an industrial safety system, the company demonstrated how the TRITON malware might have been much easier to construct than originally thought, and shared new approaches and strategies to help in the fight against similar attacks moving forward.
In December 2017, the TRITON attack against a processing plant in the Middle East shined a light on potential security concerns when the facility’s Schneider Electric Triconex Safety Instrumented System (SIS) was infiltrated. Fortunately, the Tricon SIS detected an anomaly and behaved as it was supposed to — shutting down the plant.
TRITON is considered a pivotal moment in industrial cybersecurity because it was the first attack to directly interface with, and control, a safety system. It raised awareness of how a cyberattack could lead to dangerous and unpredictable outcomes, without the protection of a final line of defense.
Nathalie Marcotte, Sr. Vice President of Cybersecurity at Schneider Electric, stated, “It’s important to recognize that Triton-type attacks can be made against any industrial control and safety system anywhere in the world, no matter who designed, engineered, built, or operates it.
“No single entity can solve this global issue; rather, end users, third-party suppliers, integrators, standards bodies, industry groups, and government agencies must work together to help the global manufacturing industry withstand cyberattacks and protect the world’s most critical operations and the people and communities we all serve. Through its research, knowledge sharing, and malware-detection tools, Nozomi Networks is heeding this call to action.”
A white paper produced by Nozomi Networks detailing the attack can be downloaded here.