Incident Hub

Critical Infrastructures Sectors

What is Critical Infrastrucutures?

Critical infrastructures are systems, assets, and services essential for the functioning of society, economy, and security of a country or region.

Types of Critical Infrastrucute

1 – Energy
2 – Water
3 – Transportation
4 – Healthcare
5 – Communications
6 – Public Safety
7 – Finance
8 – Food and Agriculture
9 – Government Services
10 – Emergency Servic

wdt_created_atwdt_last_edited_atIDDateYearSource DatabaseIntentionalOriginAttack vectorAttack DescriptionCountryIndustry TypeSubcategoryAttack DetailsTI Safe ScoreCIRASCIDMARK ScoreSCID idImpactLink at the InternetMalware NameMITRE ATT&CK Software ID [if exists]DurationRansom Value (USD)Paid (Y/N)Suggested security initiative
wdt_IDwdt_created_bywdt_created_atwdt_last_edited_bywdt_last_edited_atIDDateYearSource DatabaseIntentionalOriginAttack vectorAttack DescriptionCountryIndustry TypeSubcategoryAttack DetailsTI Safe ScoreCIRASCIDMARK ScoreSCID idImpactLink at the InternetMalware NameMITRE ATT&CK Software ID [if exists]DurationRansom Value (USD)Paid (Y/N)Suggested security initiative
1marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM101/06/19821982RISINot IntentionalExternalMalware infection[1] Trojan Attack.RussiaChemical and Farmaceutic industry sectorOil and GasThomas Reed, senior US national security official, claims in his book “At The Abyss” that the United States allowed the USSR to steal pipeline control software from a Canadian company. This software included a Trojan Horse that caused a major explosion of5The software sabotage had two effects, explains Reed. The first was economic. By creating an explosion with the power of a three kiloton nuclear weapon, the US disrupted supplies of gas and consequential foreign currency earnings. But the project also had
2marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM212/08/19851985RISINot IntentionalAccidentErrors, omissions or misuse(Union Carbide Chemical Leak West Virginia.) [1] Interruption of services.United StatesChemical and Farmaceutic industry sectorChemicalThe Institute facility leaked methylene chloride and aldicarb oxime, chemicals used to manufacture the pesticide Temik. The leak resulted from a computer program that was not yet programmed to recognize aldicarb oxime, compounded by human error when the o5One hundred and thirty four people were were sent to the hospital, six of whom where Union Carbide employees. Thirty people filed two lawsuits seeking $88 million in damages, but hundreds of people marched in support of the company. OSHA proposed fines
3marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM301/01/19891989RISINot IntentionalAccidentErrors, omissions or misuse(Oil Company SCADA System Impacted by RF Interference.)United StatesChemical and Farmaceutic industry sectorOil and GasIn 1989 a SCADA sytem was being prepared for an oil company in Houston Texas. All the remote telemetry units were communicating with the master station computer via low power Johnson radios. The dummy loads on all of the antennae were used to cut down the3
4marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM401/01/19911991RISIIntentionalAccidentErrors, omissions or misuse(Computer Error at Sellafield Nuclear Plant in UK.) [1] Interruption of services. [2] Obstruction of communication signals.EnglandEnergy sectorEnergyA computer error at the vitrification plant resulted in two shielding doors being left open while highly radioactive material was still inside one chamber. (#2)5Production at the facility was stopped and did not resume until cause of the accident was established. No one was exposed to radiation during the incident. (#2)
5marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM501/01/19921992RISINot IntentionalInternalMalware infection(Computer Sabotage at Nuclear Power Plant.)LithuaniaSector and Production SystemsNuclear Power PlantA computer programmer at the Ignalina Power Reactor Sation in Lithuania introduced a virus into one of the stations computers in an attempt to sabotage a reactor at the plant by introducing a virus into the computer system. Oleg Savchuk was arrested on a3Nuclear plant computer was infected with a virus. There was a station shutdown, though it was reported to be coincidental and not caused by the virus. Oleg Savchuk was arrested for premeditated sabotage.
6marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM601/01/19941994RISIIntentionalAccidentErrors, omissions or misuse(Computer Software Faults May Have Caused Chinook Helicopter Crash.) [1] Operational, in Computer, Devices or in Comunication, fail.EnglandTransport sector and systemsTransportation SystemsThe Chinook Mark 2 helicopter crashed on June 2, 1994 killing all 29 people on board. Initially, the pilots were blamed for the incident. Later, it was concluded that the exact cause of the accident was impossible to establish. The BBC received interna4The Chinook Helicopter crashed killing all 29 people on board. New evidence casts doubt on the airworthiness of the helicpoter. A report prepared nine months before the crash indicated there may be problems with the engine control computer software.
7marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM702/01/19941994RISINot IntentionalHybridUnauthorized access(Salt River Project Hack.) [1]Interception of convenient information. [2]Unauthorized access a Systems, Files and Devices.United StatesEnergy sectorEnergyBetween July 8th and August 31st, 1994, the perpetrator, Lane Jarret Davis, accessed a computer or computers belonging to the Salt River Project via a dialup modem on a backup computer. He was able to access data and delete files on systems responsible fo4The impacts reported on this incident are very contradictory. According to probation records (#1) Davis was able to access the canal control SCADA system for at least 5 hours, as well as accessing customer, financial and personnel records. SRP estimated t
8marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM824/07/19941994SCIDMARKNot IntentionalAccidentErrors, omissions or misuse(An explosion, followed by a number of fires, occurred at 13.23 on Sunday 24 July 1994, on the Pembroke Cracking Company plant (PCC) at the Texaco Refinery, Pembroke. Two companies occupied the site.)United KingdomAgriculture, food and beverageOil and GasThe incident was caused by flammable hydrocarbon liquid being continuously pumped into a process vessel that had its outlet closed3’>00013The customer’s core business output, key applications, or mission-critical systems have been interrupted or have been so severely impacted that the company cannot continue to operate in a reasonable manner.
9marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM901/01/19951995RISINot IntentionalInternalErrors, omissions or misuse(PLCs Crashed by IT Audit.) [1] Humann Error. [2] Adulteration or alteration in architecture of physical devices and of software. [3] Operational, in Computer, Devices or Comunication, fail.United StatesAgricultural sectorAgriculture, food and beverageA security consultant was scanning the food companies business and process networks for vulnerabilities. Probe packets containing deliberately malformed entered the Ethernet-based process control network and caused all PLCs to hard fault. The packets cont5The loss of production was estimated to be over $1,000,000 USD
10marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM1002/01/19951995RISINot IntentionalAccidentSystem, device, software or operating failure(Oakland Air-Traffic Control Center Outage.) [1] Operational, in Computer, Devices or Comunication, fail. [2] Interrupption of services.United StatesTransport sector and systemsTransportation SystemsOne of the three power sources was down for testing and maintenance at the time of the episode. The second power source failed unexpectedly. When technicians attempted to bring the third power source on-line, a faulty circuit board in Critical Power Panel5All radar and radio communications at Oakland Center were shut down as the result of a 45-minute power outage. All radar screens went dark and all radio communications were cut off. Lights and telephones were unaffected. It took 45 minutes to restore radi
11marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM1101/01/19961996RISINot IntentionalAccidentSystem, device, software or operating failure(Duplicate IP Address Prevents Machine Startup.)CanadaSector and Production SystemsPulp and PaperThe mill had upgraded the profile controller on the #1 Paper Machine to a control system that used Ethernet and TCP/IP to communicate between the scanners and the main controller. It was also connected to the main mill network through a bridge so that pr3The paper machine could not be started for over six hours.
12marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM1202/01/19961996RISINot IntentionalAccidentSystem, device, software or operating failure(Omega Engineering Sabotage.) [1] Human Error. [2] Interruption of services.United StatesManufacturing and automation sectorCritical ManufacturingThe morning of July 31, 1996, the first worker in the door at Omega Engineering’s manufacturing plant in Bridgeport, N.J., logged on to his computer and unwittingly detonated a software time bomb that systematically eradicated all the programs that ran th5Omega suffered $12 million in damages and lost its competitive footing in the high-tech instrument and measurement market. Eighty workers lost their jobs as a result. “We will never recover,” said plant manager Jim Ferguson. After the system went down, i
13marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM1301/01/19971997RISIIntentionalAccidentSystem, device, software or operating failure(Wrong Code Downloaded to PLC Causes Plant to Shutdown.)EnglandAgricultural sectorAgriculture, food and beverageWhen making minor changes to a PLC program, the PLC and Slave PLC were loaded with the new program and made the Master. The new Slave, previously the Master, was also loaded halfway through this download. The Master PLC stopped working and the plant was s3The plant was shutdown for 1
14marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM1402/01/19971997RISINot IntentionalExternalSystem, device, software or operating failure(Worcester Air Traffic Communications System Hack.) [1] Interruption of services. [2] Obstruction of communication signals. [3] Operational, in Computer, Devices or in ComunicationUnited StatesTransport sector and systemsTransportation SystemsOn March 10, 1997, an unidentified juvenile computer hacker broke into a Bell Atlantic control system used for the air traffic communications at the Worcester, Massachusetts airport, causing a system crash that disabled the phone system at the airport for4The crash of the NGDLC system knocked out phone service at the control tower, airport security, the airport fire department, the weather service, and carriers that use the airport. Also, the tower’s main radio transmitter and another transmitter that acti
15marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM1503/01/19971997RISINot IntentionalAccidentErrors, omissions or misuse(Korean Air Line B747 CFIT Accident in Guam.) [1] Human Error. [2] Interruption of services.GuamTransport sector and systemsTransportation SystemsApproaching Won Pat International Airport at night, Korean Air Lines Flight 801 impacted Nimitz Hill at 658ft, nearly 800ft below the minimum altitude at that point on the approach. While initially the accident seemed to have little to do with automated4There were 254 passengers and crew aboard the aircraft; 228 lost their lives.
16marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM1604/01/19971997RISINot IntentionalAccidentSystem, device, software or operating failure(New Serial Communications Line Disrupts Network.) [1] Interruption of services. [2] Operational, in computer or in comunication, fail.EnglandAgricultural sectorAgriculture, food and beverageWhile a project team was connecting a new serial communication between two PLCs, the main site network connected to the master of these two PLCs was interrupted. Both control and view of the running plant was interrupted. The running plant had its network2The operator lost visibility of the plant for about 30 minutes.30 minutes
17marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM1705/01/19971997RISIIntentionalAccidentSystem, device, software or operating failure(Broadcast Storm Shuts Down DCS Consoles.) [1] Interruption of services. [2] Obstruction of communication signals.CanadaAgricultural sectorAgriculture, food and beverageThe facility lost communications to the operator consoles on a steam plant DCS. The problem was believed to be caused by an incorrectly configured Windows 95 workstation in another mill area that generated high levels of broadcast packets.2The DCS had to be removed from the mill network, preventing process data from being transferred to the business systems.
18marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM1805/01/19981998RISIIntentionalExternalSystem, device, software or operating failure(Hackers Attack NZ & Aust for Joining Gulf Taskforce.) [1] Interruption of services.New ZealandEnergy sectorEnergyThe following FICTITIOUS news paper article opened Parliament of Australian Research Paper 18 1997-98: ================================================ Hackers Attack NZ & Aust for Joining Gulf Taskforce AZP London: A hacker group calling themselves the4While Auckland did suffer from severe power blackouts in Febrary 1998, this incident is NOT factual.
19marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM1901/01/19991999RISINot IntentionalHybridSystem, device, software or operating failure(Power Outages and Other Service Interruptions.) [1] Interruption of services.United StatesEnergy sectorEnergyA former computer systems administrator, Joseph D. Konopka, hacked into computers and caused power failures in WI. Konopka, also known as ‘Dr. Chaos’, pleaded guilty and was sentenced on 11 felony charges for crimes in WI. He was responisble for 28 pow5Twenty eight power outages and 20 other service interruptions causing about $800,000 in damage in 13 Wisconsin counties.
20marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM2002/01/19991999RISINot IntentionalAccidentSystem, device, software or operating failure(Y2K Test Crashes Reactor Computer.) [1] Human Error. [2] Interruption of services. [3] Operational, in Computer or in Commucation, fail.United StatesEnergy sectorEnergyThe problem began just after lunch on Feb. 8, when a group of technicians tested a computer called the “Rodworth Minimizer.” The unit, which operates when the reactor is at low power, analyzes the position of “control rods” in the core and tells engineers3
21marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM2103/01/19991999RISIIntentionalNaturalSystem, device, software or operating failure(Olympic Pipeline Rupture and Subsequent Fire.) [1] Interruption of services and operation. [2] Adulteration or alteration in architecture of physical devices and of software [3] Operational, in Computer or in Communication failUnited StatesTransportation SystemsOil and GasAt about 3:28 pm PDT, a 16 inch diameter steel pipeline ruptured and released about 237,000 gallons of gasoline into a creek that flowed through Whatcom Falls Park in Bellingham, WA. About 1 1/2 hours after the rupture, the gasoline ignited and burned app5Two 10 year old boys and an 18 year old young man died as a result of the accident. Eight additional injuries were documented. A single-family residence and the city’s water treatment plant were severly damaged. Fines and litigation could bring the total
22marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM2204/01/19991999RISINot IntentionalExternalMalware infection(Virus Infection On DCS.) [1] Virus Attack. [2] Interruption of services and operation.EnglandAgricultural sectorAgriculture, food and beverageData on the HMI server was being corrupted, this data caused the system to slow and eventually stop. On investigation, it was discovered that the R&T server (in the same domain) had been infected and was totally unusable – unlike the control servers which4A group of 7 people spent the week cleaning, rechecking, re-cleaning and installing anti-virus software. This prevented the normal day to day work being carried out and delayed a commissioning job of a new plant. There were problems with ownership of the7 days
23marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM2305/01/19991999RISIIntentionalAccidentSystem, device, software or operating failureNavy Radar Shuts Down SCADA SystemsUnited StatesCritical ManufacturingWater and Wastewater SystemsIn November 1999, the US Navy was conducting exercises off San Diego during which two commercial spectrum users experienced severe electro mangnetic interference (EMI) to their Supervisory Control and Data Aquistion (SCADA) wireless networks operating atThe San Diego County Water Authority (SDCWA) and the San Diego Gas and Electric (SDGE) Companies were unable to remotely actuate critical value openings and closings as a result. This necessitated sending technicians to remote locations to manually open
24marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM2406/01/19991999RISINot IntentionalExternalUnauthorized accessHacker Takes Over Russian Gas System [1] Trojan Attack [2] Unauthorized access of softwares, systems, network and devicesRussiaOil and GasOil and GasAccording to a Associated Press news release, in 1999 a hacker took over control of a Russian gas system by penetrating the Gazprom (Russia’s state-run gas monopoly) SCADA system.(#1). National Petroleum Council report seems to confirm this, but it may j4Loss of control of the SCADA system
25marianna.ferreira@tisafe.com28/05/2024 02:40 PMmarianna.ferreira@tisafe.com28/05/2024 02:40 PM2517/02/19991999SCIDMARKNot IntentionalAccidentSystem, device, software or operating failureAn explosion destroyed the boiler of Hawthorn Unit #5, a coal-fired generating unit. [1] Interruption of services and operation [2] Adulteration or alteration in architecture of physical devices and of softwareUnited StatesEnergy sectorEnergyOn February 17, 1999 at approximately 00:30 am Central, an explosion destroyed the boiler of Hawthorn Unit #5, a 476 megawatt coal-fired generating unit. The explosion hit an 11-story boiler building.498.39 explosion caused most of the building to collapse, but caused only a minor injury. The explosion caused no interruption of electrical service for the utility’s customers. The explosion at KCP&L’s Hawthorn Unit #5 plant on February 17, 1999 caused the