NSA Urgently Warns on Industrial Cyberattacks, Triconex Critical Bug
The US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint advisory that foreign adversaries could be actively targeting US critical infrastructure across the nation. The alert states that infrastructure such as power plants, factories, oil, and gas refineries could be among the top targets.
The ICS-CERT also issued an independent advisory that details a critical security bug in the Schneider Electric Triconex Tristation and Tricon Communication Module. This poses a significant risk as the flaw lies in controllers that are responsible for halting plant operations in the event of a security risk or attack. The safety instrumented system (SIS) is designed to prevent equipment failure and incidents such as explosion or fire. The systems have been targeted before, such as in the TRITON attack of 2017.