Loss of Safety

Adversaries may compromise safety system functions designed to maintain safe operation of a process when unacceptable or dangerous conditions occur. Safety systems are often composed of the same elements as control systems but have the sole purpose of ensuring the process fails in a predetermined safe manner.

Many unsafe conditions in process control happen too quickly for a human operator to react to. Speed is critical in correcting these conditions to limit serious impacts such as Loss of Control and Property Damage.

Adversaries may target and disable safety system functions as a prerequisite to subsequent attack execution or to allow future unsafe conditions to go unchecked. Detection of a Loss of Safety by operators can result in the shutdown of a process due to strict policies regarding safety systems. This can cause a Loss of Productivity and Revenue and may meet the technical goals of adversaries seeking to cause process disruptions.

ID: T0880
Sub-techniques: No sub-techniques
Tactic: Impact
Platforms: None
Version: 1.0
Created: 21 May 2020
Last Modified: 13 October 2023

Procedure Examples

ID      Name     Description
S1009   Triton   Triton has the capability to reprogram the SIS logic to allow unsafe conditions to persist or reprogram the SIS to allow an unsafe state while using the DCS to create an unsafe state or hazard. [1]

Mitigations

ID      Mitigation                      Description
M0805   Mechanical Protection Layers    Protection devices should have minimal digital components to prevent exposure to related adversarial techniques. Examples include interlocks, rupture disks, release valves, etc. [2]
M0812   Safety Instrumented Systems     Ensure that all SIS are segmented from operational networks to prevent them from being targeted by additional adversarial behavior.

References