Cyber Attack on Critical Infrastructure Site Causes Outage

by | Dec 21, 2017

Malware was deployed onto the Triconex product line, a group of safety-instrumented systems made by Schneider Electric.

The triton malware, as it was named, is designed to tamper with or even disable Schneider’s Triconex products, as well as “distributed control systems,” made by a separate company, used by human operators to monitor industrial processes.

According to, by obtaining a foothold in the DCS, hackers could use Triton create a situation that might cause physical harm, or an explosion or a leak. And because Triton’s code also contains the express ability to disable Triconex safety measures, the fail safes that exist to shut down equipment in those situations would be unable to respond. That makes for a dangerous new escalation of hacker tactics that target critical infrastructure.

Because of the destructive potential of these types of breaches, critical electric and other utility infrastructure will remain highly-prized targets for future cyberattacks. It’s possible that electric utilities will begin to receive data requests or informal outreach from federal regulators in the near future to determine whether those utilities have similar equipment that could be exploited, and if so, what steps they have taken to mitigate the threat.

In an emailed statement to Wired, Schneider Electric counters that “in this case those commands were accepted successfully by the Triconex components, and the plant was shut down safely.” Experts warn, however, that this attack could serve as a blueprint for future attacks on industrial systems.

Past Attacks

The number of malware attacks on critical infrastructure websites, hardware and software is increasing. In December of 2015 and again in December of last year, hackers breached security inside Ukrainian electric facilities and used their unauthorized access to cause power outages during one of the coldest months in Eastern Europe. A decade ago, hackers reportedly working on behalf of the US and Israel deployed the Stuxnet worm to sabotage Uranium enrichment centrifuges in Iran.

Vendors mentioned in this article:

Mark your calendars: The 3rd Annual Environmental Leader & Energy Manager Conference takes place May 15 – 17, 2018 in Denver. Learn more here.

Stay Informed

Get E+E Leader Articles delivered via Newsletter right to your inbox!

Share This