Monday, December 25, 2017

Triconex SIS attacked by malware-new development in Safety Instrumented Systems

A worrying incident has recently occurred in a critical process plant, that had a Triconex Safety Instrumented Systems as the Safety System. As many of you must be aware, Triconex was one of the first systems in the industry to offer Triple Modular Redundant (TMR) architecture. This was a 2oo3 voting logic system, making it one of the systems that had high safety availability, as well as process availability. Over the years the company was bought by various different automation companies including the likes of ABB. Today it is owned by Schneider.
In this Fireye reported case, apparently somebody could reverse engineer the Triconex programming tool and create a malware that had the potential of blocking any action by the system in case of a dangerous detected failure. This malware has been given the name TRITON. It is not clear who or which organization would go to such a great length to create a malware that would bypass a safety system, but it is wakeup call for all process plant owner operators to tighten their operational security policies and procedures.
It is inconceivable that such a program could have been loaded into the system without the connivance of insiders, since it was an airgapped system without any connection to the internet (apparently).