Measure: MalwareProtectionSoftware
Description
Installation of suitable software to protect the IT systems against malware. With this measure, malware reaching the IT system shall be blocked, deleted or at least noticed directly. Damage resulting from the malware is thereby avoided, ensuring the integrity, authenticity and confidentiality of all data and assets in the IT infrastructure.
Comments
Applications and software used for defense against malware should be tailored for enterprise use; solutions for home use are not sufficiently safe. Furthermore, the chosen solution should be updated and checked for effectiveness regularly. Employees should be trained to handle potentially dangerous content with care. Any detection of malware should be reported directly, both by the user who detects it and automatically by the system. All relevant data emerging in the IT system should be logged to allow fast detection of incidents and easier understanding of past attacks.
Event source types
External attacker
Internal attacker
Human fault
Natural phenomena
Event types
Destruction
Manipulation
Risk reduction mechanism
Frequency/Likelihood
Threat Types
Cyber
Physical
Cyber-Physical
Action characteristics
Proactive
Measure types
Cyber Barriers
Control System
Consequence Mitigation
Event Consequences
Quantity
Quality
Financial
Reputation
Asset types
Drinking Water Network
Drinking Water Tanks
Pressure Boosting Station
Water Abstraction Points
Water Treatment Plants
Events
Basic Event 151 - External person physically manipulates tank quality sensor readings
Basic Event 259 - External person physically damages PBS PLC
Basic Event 278 - Ransomware wipes out WDN control system files
Basic Event 189 - Man-in-the-Middle attack manipulates groundwater quality sensor signal
Basic Event 271 - WDN Control center destroyed by accidental flood
Basic Event 207 - External person destroys WTP transmission wires
Gate 119 - Insufficient disinfection process controlled by intruder
Basic Event 264 - Malware alters PLC statements that control valve
Basic Event 52 - Restricted area authorization procedure failure
Basic Event 190 - External person physically destroys observation well sensors
Basic Event 219 - DoS attack to WTP process system PLC
Basic Event 192 - External person physically destroys data transmission wires of wells
Basic Event 253 - External person in situ destroys PBS sensors
Basic Event 195 - External person manipulates data transmission system of wells
Basic Event 186 - Quality sensor transmission wires of observation wells manipulated
Gate 176 - Staff controlled processes run without WTP data
Basic Event 197 - External person physically manipulates well sensor signal
Basic Event 52 - Restricted area authorization procedure failure
Basic Event 64 - Man-in-the-Middle attack manipulates WTP control signals
Gate 260 - WDN control system manipulated
Basic Event 179 - Man-in-the-Middle attack manipulates reservoir control signals
Basic Event 233 - External person damages WDN tank
Basic Event 76 - External person physically damages WTP coagulation system
Basic Event 168 - External person physically manipulates surface water system sensor readings
Basic Event 160 - Failure to regulate the temperature, humidity and air quality in environments where information systems are located
Basic Event 211 - External attacker manipulates WTP transmission devices
Gate 193 - Surface water management system functions on altered data
Gate 113 - Lower efficiency of WTP disinfectant undetected
Basic Event 216 - Incorrect execution or failure of software acquired from an external party crashes WTP control system
Basic Event 213 - Internal person silently takes over WTP SCADA control
Basic Event 151 - External person physically manipulates tank quality sensor readings
Basic Event 49 - Internal person physically manipulates WTP sensor readings
Basic Event 65 - DoS attack to dosing system PLC
Basic Event 280 - External person physically destroys WDN servers
Basic Event 215 - Man-in-the-Middle attack manipulates WTP control signals
Basic Event 261 - Undetected SCADA hijacking software takes control of PBS operation
Gate 239 - Mislead PLC controlled WDN tank refill process
Basic Event 270 - Control center destroyed by accidental fire
Basic Event 67 - Natural phenomena destroy dosing system
Gate 219 - Staff controlled hydraulic processes run without WTP data
Basic Event 199 - Internal person silently takes over abstraction well SCADA control
Basic Event 282 - Failure to regulate the temperature, humidity and air quality in environments where information systems are located
Basic Event 221 - Internal person physically destroys WTP process system
Gate 186 - Quality verification process runs on altered WTP data
Basic Event 42 - External person physically destroys WTP sensors
Basic Event 236 - Man-in-the-Middle attack manipulates WDN tank level sensor signals
Basic Event 156 - Man-in-the-Middle attack manipulates abstraction point quality sensors
Basic Event 201 - Malware performs DoS attack on abstraction well PLCs
Basic Event 275 - Malware alters WDN control statements
Basic Event 238 - External person in situ manipulates WDN tank transmission system
Basic Event 188 - Internal person physically manipulates groundwater quality sensor readings
Gate 114 - Staff operate disinfection process without WTP data
Basic Event 277 - Malware tampers network topology characteristics on prediction models (e.g. tank volume curve)
Basic Event 244 - External person physically destroys pumps
Basic Event 51 - Internal cyber manipulation of WTP sensor signal
Basic Event 170 - External attacker manipulates surface water system transmission devices
Basic Event 232 - External person physically interrupts WDN tank outflow
Gate 111 - Insufficient disinfection due to loss of WTP control
Basic Event 252 - Man-in-the-Middle attack manipulates WDN PBS sensor signals
Basic Event 217 - Failure to regulate the temperature, humidity and air quality in environments where information systems are located
Basic Event 155 - External person physically manipulates abstraction point quality sensor readings
Basic Event 209 - External person physically manipulates WTP sensor readings
Basic Event 194 - External person manipulates transmission wires of wells
Basic Event 171 - Human error in operating/using surface water management system
Basic Event 61 - External person breaks in to WTP and takes over SCADA undetected
Basic Event 218 - Accidental errors by authorized user while maintaining information system
Basic Event 260 - Internal person silently takes over PBS SCADA control
Basic Event 63 - Undetected SCADA hijacking software takes control of WTP operation
Basic Event 178 - Internal person silently takes over reservoir SCADA control
Basic Event 272 - WDN control center destroyed by intentional flood
Basic Event 69 - Internal person physically destroys WTP dosing system
Basic Event 152 - Man-in-the-Middle attack manipulates quality sensor signals
Basic Event 167 - External person physically manipulates surface water system sensor readings
Basic Event 262 - External person physically destroys valve
Basic Event 159 - Incorrect execution or failure of software acquired from an external party crashes WTP control system
Basic Event 191 - External person physically destroys data transmission system of wells
Basic Event 265 - Man-in-the-Middle attack manipulates WDN valve sensor signals
Basic Event 154 - External attacker destroys abstraction point quality sensors
Basic Event 254 - External person physically destroys PBS data transmission wires
Basic Event 70 - Natural phenomena alter reagent dosing system
Basic Event 214 - Undetected SCADA hijacking software takes control of WTP operation
Gate 237 - Outflow valve of WDN tank closed
Basic Event 267 - Man-in-the-Middle attack manipulates WDN valve control signals
Basic Event 152 - Man-in-the-Middle attack manipulates quality sensor signals
Basic Event 250 - Malware alters PLC statements that control pump
Basic Event 196 - Man-in-the-Middle attack manipulates well sensor signal
Basic Event 279 - Malware corrupts prediction model database
Basic Event 177 - External person breaks in to reservoir control area taking over SCADA
Gate 177 - Staff or PLC controlled processes run on altered WTP data
Basic Event 269 - External person physically destroys WDN pipes
Basic Event 235 - External person in situ manipulates WDN tank level sensor
Basic Event 198 - External person breaks in to well control area and takes over SCADA
Basic Event 220 - External person physically destroys WTP process system
Basic Event 180 - Incorrect execution or failure of software acquired from an external party crashes reservoir control system
Basic Event 251 - External person in situ manipulates PBS transmission devices
Basic Event 237 - Malware alters PLC statements that control WDN tank refill
Basic Event 200 - Incorrect execution or failure of software acquired from an external party crashes abstraction well control system
Gate 179 - Dosing system destroyed
Basic Event 187 - External person physically manipulates groundwater quality sensor readings
Basic Event 48 - External person physically manipulates WTP sensor readings
Basic Event 66 - No back-up alternative for WTP dosing system PLC
Gate 117 - Staff or PLC controlled disinfection processes run on altered WTP data
Basic Event 50 - Man-in-the-Middle attack manipulates WTP sensor signal
Basic Event 169 - Man-in-the-Middle attack manipulates surface water system sensor signal
Basic Event 240 - Update of OS causes false positive alarms from Event Detection System
Basic Event 68 - External person physically destroys WTP dosing system
Gate 220 - Staff or PLC controlled hydraulic processes run on altered WTP data
Basic Event 281 - Incorrect execution or failure of software acquired from an external party crashes WDN control system
Basic Event 163 - External person attacks surface water system management party e.g. water board
Basic Event 153 - External attacker manipulates WTP transmission devices
Basic Event 157 - Man-in-the-Middle attack manipulates WDN quality sensor readings
Basic Event 227 - Fake news about contamination in WTP using manipulated water company public communication
Basic Event 222 - A valve is opened and floods equipment
Basic Event 47 - Internal person physically destroys WTP sensors
Basic Event 257 - Incorrect execution or failure of software acquired from an external party crashes PBS control system
Basic Event 164 - External person physically destroys surface water system sensors
Basic Event 276 - SQL injection to data used for demand prediction
Basic Event 62 - Internal person silently takes over SCADA control
Basic Event 210 - Man-in-the-Middle attack manipulates WTP sensor signal
Basic Event 205 - External person physically destroys WTP sensors
Basic Event 224 - External person destroys data transmission system of WTP power transformers
Specific Assets
Control Center
Control System
Dosing System
Drinking Water Pipes
Drinking Water Tanks
Media Channels
Pressure Boosting Station
Pump
Sensor
Server
Transferred Information
Transmission Devices
Valve
Measure ID
M56
Name
MalwareProtectionSoftware