A New Industrial Hack Highlights the Cyber Holes in Our Infrastructure

December 15, 2017


Freshly discovered malware called Triton can compromise safety systems that control many kinds of industrial processes.

For years, security experts have been warning that hackers can disable systems that control critical infrastructure we all rely on, such as dams and power plants. Now researchers at Mandiant, which is part of the security firm FireEye, have revealed that a new form of malware, dubbed Triton, closed down the operations of a business in the Middle East belonging to Schneider Electric, a French company. The researchers say that they haven’t attributed the hack to a particular attacker, but they do say it bore hallmarks of threats from a nation-state.

Triton appears to have targeted a so-called safety instrumented system, or SIS, which monitors the operation of a physical process using sensors and acoustics. By taking control of it, hackers can destroy or damage the process the SIS is monitoring by tricking it into thinking everything’s normal, when in fact the process is operating at unsafe levels.

In Schneider Electric’s case, hackers were able to compromise an SIS workstation. Mandiant’s investigators think they intended to use the breach to cause damage to the plant. But they inadvertently triggered a shutdown of the industrial process, which led managers at the facility to launch an investigation that revealed the breach.

The latest incident follows others that have underlined the vulnerability to cyberattack of factories and critical infrastructure. In 2010, malware known as Stuxnet infected multiple sites in Iran, in one case destroying centrifuges at a uranium enrichment plant. Last year, an attack on Ukraine’s power grid using malware called Industroyer plunged a large chunk of the country’s capital, Kiev, into darkness (see “A Hack Used to Plunge Ukraine into Darkness Could Still Do Way More Damage”).

The growing threat of such attacks prompted the U.S. Computer Emergency Readiness Team, which operates under the auspices of the Department of Homeland Security and the FBI, to issue a strongly worded alert in October about the risks to numerous sectors, from nuclear power to water and aviation. Some researchers say Triton has been active since September, so it’s possible that its emergence triggered the US-CERT warning.

A study published earlier this year by MIT’s Center for International Studies noted that the pressure to make older equipment in many power plants and other facilities compatible with next-generation Internet-connected hardware has made matters worse. The rush to hook up legacy systems to the Web can leave them vulnerable to attack (see “Patching the Electric Grid”).

It could also leave companies vulnerable to huge lawsuits. “Triton underscores the need for factories and utilities to ... rethink their control and cyberdefense strategies,” said Creighton Magid, a lawyer at Dorsey & Whitney, in an e-mailed statement about the new hack. “The laggards are going to face huge financial risks.”
