22 July 2009
New access to security incidents
Newly formed non-profit Security Incidents Organization will provide public access to The Repository of Industrial Security Incidents (RISI).
RISI is an industry-wide repository for collecting, investigating, analyzing, and sharing critical information regarding cyber security incidents that directly affect SCADA, manufacturing, and process control systems. With over 150 incidents, RISI is a large collection of industrial cyber security incidents.
RISI provides subscribers with reliable information that allows them to learn from others’ experiences, understand the risks associated with industrial cyber-threats, and adapt their current security policies in step with changing industrial cyber-security dynamics.
RISI goes back to early 2001, when academic researchers developed a database called the Industrial Security Incidents Database (ISID). In 2008, several private cyber security experts, building on ISID, began collaboration on the RISI project hoping to make the information available to the automation industry.
The Security Incidents Organization started up this year to fulfill this goal by operating the RISI database, researching incidents, and making the results of that research publicly available. For more information, go to www.securityincidents.org.
RISI obtains security incident data from three sources. The primary source is private incident reports submitted by members. Historically, members include those who use industrial automation, engineers, operators, security professionals, and automation vendors. Second, RISI analysts search public sources such as legal databases, newsgroups, and the Internet for indications of publicly reported incidents. Third, incidents are collected through data-sharing agreements with strategic partner organizations.
When an event is either submitted by a RISI member or noted in a public forum, researchers review and verify it. To protect the confidentiality of private contributors, researchers will remove any information that may identify the source of the incident. The RISI researchers then attempt to ascertain the reliability of the report. Each incident is then assigned one of four reliability ratings:
- Confirmed
- Likely but Unconfirmed
- Unknown or Unlikely
- Known Hoax/Urban Legend
Once the investigation, identity scrubbing, and confidence rating are complete, the incident goes into the RISI Database.
For related information, go to www.isa.org/security.
