ABCDEFGHIJKLMNOPQRSTUVWXYZ
1
ID Date System Failure Cause Failure Result Repair RecommendationSources of FaultsDuration
Location
Semantics
Behavior
Dimension
Primary SourceSecondary Sources
2
12021 Water worksLack of seperation between IT & OT network City's water poisoned
Remove remote access⁺; Isolate critical infrastructure *
Communication Level - Connectivity
TransientExternalArbitrarySoftSoftwarehttps://www.nytimes.com/2021/02/08/us/oldsmar-florida-water-supply-hack.html
3
22021 Oil pipeline
Hack of business network; lack of separation between business & operation networks
Shutdown of a major oil pipelineIsolate critical infrastructure network⁺Application LevelTransientExternalArbitraryHardSoftwarehttps://www.nytimes.com/2021/05/14/us/politics/pipeline-hack.html
4
32021 Public transportation
Zero day attack in remote access software; malware web shells
Unauthorized access; $370000 response cost
Scan periodically for backdoor web shells⁺
Communication Level - Connectivity
TransientInternalArbitrarySoftSoftwarehttps://www.nytimes.com/2021/06/02/nyregion/mta-cyber-attack.html
5
42019
Water treatment facility
Un-updated discharged personnel authentication; unsecure remote access
Unauthorized access; altered cleaning & disinfecting process
Update personnel changes to all security systems*
Communication Level - Connectivity
TransientExternalArbitrarySoftSoftwarehttps://www.wired.com/story/threat-to-water-supply-is-real-and-only-getting-worse/
6
52015 Power plant Unsecure supply chain network; malware repositories
Unauthorized access; leak of critical information
Secure & isolate supply chain network*
Communication Level - Connectivity
TransientExternalArbitrarySoftSoftwarehttps://www.nytimes.com/2018/03/15/us/politics/russia-cyberattacks.htmlhttps://www.cisa.gov/uscert/ncas/alerts/TA18-074A
7
62015
Power distribution center
Unsecure remote access; lack of 2FA for SCADA Loss of power for 230000 residentsEnable 2FA for safety-critical remote access⁺
Communication Level - Connectivity
TransientExternalArbitraryHardSoftware
https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/
8
72019 Autonomous car
Failed to detect parked vehicle , stop sign, flashing red lights; ineffective driver engagement monitor
Fatal collision
Increase auto emergency braking efforts*; stringent user engagement monitor⁺
Application Level
Permanent
InternalValueHardSoftwarehttps://www.nytimes.com/2021/08/17/business/tesla-autopilot-accident.html
9
82019 Autonomous car
Failed to detect merging vehicle; neglected radar data; ineffective driver engagement monitor
Fatal collision
Create redundancy in object detection system⁺; stringent user engagement monitor⁺
Application Level
Permanent
InternalValueHardSoftwarehttps://www.nytimes.com/2021/07/05/business/tesla-autopilot-lawsuits-safety.html
10
92019 Connected car
Default authentication for user accounts; lack of isolation for safety-critical functions
Unauthorized access to safety-critical functions
Disable default authentication⁺; isolate safety-critical functions*
Application LevelTransientExternalArbitrarySoftSoftwarehttps://www.wired.com/story/car-hacking-biometric-database-security-roundup/https://www.vice.com/en/article/zmpx4x/hacker-monitor-cars-kill-engine-gps-tracking-apps
11
102018 Autonomous car
Ineffective parked vehicle identification; ineffective driver engagement monitor
Fatal collision
Increase parked vehicle detection efforts*; stringent user engagement monitor⁺
Application Level
Permanent
InternalValueHardSoftwarehttps://www.nytimes.com/2021/08/16/business/tesla-autopilot-nhtsa.html
12
112018 Autonomous car
Failed to detect road barrier; ineffective driver engagement monitor
Fatal collision
Increase object detection & emergency braking efforts*; stringent user engagement monitor⁺
Application Level
Permanent
InternalValueHardSoftwarehttps://www.wired.com/story/tesla-autopilot-self-driving-crash-california/
13
122016 Autonomous car
Failed to detect turning vehicle & stop at collision; ineffective driver engagement monitor
Fatal collision
Increase object detection & emergency braking efforts*; stringent user engagement monitor*
Application Level
Permanent
InternalValueHardSoftware
https://www.nytimes.com/2016/07/13/business/tesla-autopilot-fatal-crash-investigation.html
14
132015 Connected car Zero day exploit of entertainment system firmware
Unauthorized access to safety-critical functions
Isolate safety-critical functions⁺; auto monitor CAN bus⁺
Communication Level - LinkTransientExternalArbitrarySoftSoftwarehttps://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
15
142015 Connected car
Unsecure remote access protocol (SMS, SSH w/ default key) in telematics dongle
Unauthorized access to safety-critical functions
Secure remote access⁺; isolate safety-critical functions⁺
Communication Level - Connectivity
TransientExternalArbitrarySoftSoftware
http://www.wired.com/2015/08/hackers-cut-corvettes-brakes-via-common-car-gadget/
16
152019 Connected RTOS
Networking protocol bug in COTS; Lack of software bill of materials
Exploitable vulnerabilitiesMaintain software bill of materials⁺
Communication Level - Connectivity
TransientInternalArbitrarySoftSoftwarehttps://www.wired.com/story/urgent-11-ipnet-vulnerable-devices/
17
162018
Smart home products
Lack of all users' consent; abuse enabling user experience Domestic abuse; psychological stress Require system consent from all users*Application LevelTransientExternalArbitrarySoftSoftware
https://www.nytimes.com/2018/06/23/technology/smart-home-devices-domestic-abuse.html
18
172016 Smart thermostat Bug in software update
Battery depletion; Unprompted temperature decrease
Comprehensive device testing for software updates*
Perception Level - Embedded Software
TransientInternalCrashHardSoftware
https://www.nytimes.com/2016/01/14/fashion/nest-thermostat-glitch-battery-dies-software-freeze.html
19
182016
Old connected devices
Processors with default authentication Botnet DDoS; internet outage
Disable default authentication⁺; stringent testing for old COTS*
Perception Level - Embedded Software
TransientInternalArbitrarySoftSoftwarehttps://www.wired.com/2016/10/internet-outage-webcam-dvr-botnet/
20
192019
Smart baby vital monitor
Device to server to phone app connection loss False sense of safetyAlert when connection lost*Application LevelTransientInternalCrashHardSoftwarehttps://www.nytimes.com/2020/04/17/parenting/owlet-baby-monitor.html
21
202019
Smart diabetes monitor
Device to server to phone app connection loss False sense of safetyAlert when connection lost⁺Service LevelTransientInternalCrashHardSoftware
https://www.nytimes.com/2019/12/02/well/live/Dexcom-G6-diabetes-monitor-outage.html
22
212019 Spacecraft
Contract software with bug caused early communication query
Early state change depleted fuel
Comprehensive testing across supply chain deliverables*
Perception Level - Embedded Software
TransientInternalTimingSoftSoftwarehttps://www.nytimes.com/2020/02/07/science/boeing-starliner-nasa.htmlhttps://www.nytimes.com/2019/12/20/science/boeing-starliner-launch.html
23
222019 Aircraft
Faulty sensor; lack of sensor redundancy; lack of updated system training
Catastrophic crashes
Create redundancy for critical systems⁺; training for updated systems*
Perception Level - Sensor/Actuator
Permanent
InternalCrashHardSoftwarehttps://www.nytimes.com/interactive/2019/business/boeing-737-crashes.htmlhttps://www.nytimes.com/2019/06/01/business/boeing-737-max-crash.html
https://ieeexplore.ieee.org/document/9280967
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100