Malware Attack: States Work to Restart Vehicle Emissions TestsApplus Technologies Providing 'Restoration' Package
Several states that halted vehicle emissions tests as a result of a malware attack on tech provider Applus Technologies are attempting to restore service this week.
For example, Massachusetts officials, in a blog posted this week, note Applus Technologies had sent a "restoration" package to support a restart process that was to begin Wednesday. It expects vehicle inspections to resume Friday.
Other states affected, Applus says, include Connecticut, Georgia, Idaho, Illinois, Utah and Wisconsin, but some news reports say additional states were affected as well.
Applus did not immediately reply Wednesday to a request for further comment and clarification on restoration efforts.
System Locked Down
In a statement issued Sunday, Applus said that on March 30 it detected and stopped a malware attack and locked down the affected system. But it did not reveal any details about the nature of the malware.
Massachusetts officials, in a Sunday statement, noted: "The restoration involves resetting Applus Technologies' IT environment and will take some time to fully restore the functionality of vehicle inspections."
Applus Technologies said Sunday: "Due to the sophisticated technology and programming required to operate the program, it is imperative that we ensure every component of the program is free from malware, thoroughly tested and operating normally before bringing the program back online. The testing process will involve all of our agencies as well as the station owners who own and operate the computerized workstation equipment used to perform the motor vehicle inspections."
The company adds that it wants to ensure all issues are resolved "before restarting the system in order to avoid any additional delays or inconvenience once the programs are back up and running."
A Supply Chain Warning
"It seems that the states in question didn’t have an immediate fallback in the event their third-party vendor, Applus Technologies, became unavailable leading to operational interruptions," says Chris Clements, a vice president at the security firm Cerberus Sentinel.
"It is critical that organizations adopt a culture of security that includes performing a detailed risk analysis and contingency plan for their business operations. Key in any business impact analysis is mapping out both internal and external process dependencies and developing plans for continuing operations if one or more of them fail.
"All organizations should also perform rigorous third-party risk management, including penetration testing, to help ensure vendors are taking adequate security precautions."