We understand the specialized markets in which you operate and provide tailored solutions to meet your unique business needs.
Our comprehensive suite of business services combines industry expertise, market knowledge and professional insights.
MNP is a leading national accounting, tax and business consulting firm in Canada.
Suite 2000, 330 5th Ave. S.W.
Submit an RFP
MNP careers are Different by Design. As an entrepreneurial firm, we truly believe there are no limits to where your career can go.
This article was originally published in the Fall 2019 issue of
dp-PRO magazine and has been reproduced with permission.
MNP’s Sam Smagala and Eugene Ng recently discussed the growing threat of Malware, the ability of cyber criminals to compromise critical business infrastructure and the steps organizations can take to protect their virtual and physical assets in an article for dp-PRO magazine.
(August 2017, Saudi Arabia, an undisclosed oil and gas facility)
Operational teams were busy working during regular business hours when alerts of many industrial control system shutdowns were received. These shutdowns were not planned or expected by plant workers and engineers, which caused some head scratching and troubleshooting in response to determine the unexplained cause. As troubleshooting continued, what started as a few shutdowns turned into a full stop in facility operations, causing financial losses to the organization. Eventually, the response effort found a number of files and processes unknown to the organization, and unknown to the vendor — Schneider Electric.
Analyzing the files, cybersecurity analysts came to the grim conclusion that the files were, in fact, malware which had the capability to manipulate the Safety Instrumented System's (SIS) function and ability to keep operations at a stable state; the malware was intended to cause physical damage and harm.
The malware has since been identified. Dubbed "Trisis", it specifically targeted Schneider Electric's Triconex SIS. Luckily, in this case, there was a programming error which prevented any physical damage and harm.
Trisis is not the first of its kind. Other cases of malware targeting critical infrastructure include:
What's new is that Trisis is the first of its kind to specifically target SIS's.
Failure of an SIS is one of many outcomes that attackers hope for when targeting critical infrastructure. Others being minor manipulations of system reporting information to degrade (but not destroy) operations or gain information for future compromise when critical infrastructure is absolutely required (e.g. war times).
This points to the growing capabilities of attackers. Ignore this at your own peril.
A short list of high-level risk mitigation techniques may have helped in deterring attackers from targeting the plant, or even prevented the attack completely:
A list of overall actions your organization can take to be better equipped in preventing and responding to cyber incidents:
Sam Smagala is a Senior Manager with MNP’s Enterprise Risk Services practice. He can be reached at 905.607.9777or email
Eugene Ng, CISSP, PCI QSA, BCOMM, is MNP’s Cyber Security Leader for Eastern Canada. He can be reached at 905.607.9777 or email
Related Topics:Cyber Security; Crisis Management
Suite 2000, 330 5th Ave. S.W.
Find an office near me