Wednesday, July 22, 2009

Reporting Attacks on Control Systems

Monday, July 20th, 2009 was an important day for control system security. The long awaited birth of RISI (Repository of Industrial Security Incidents) finally occurred. The RISI is a data base operated by Security Incidents Organization (, a non-governmental organization (NGO) that will collect, investigate, analyze, and share information about security incidents involving industrial control systems. Walt Boyes and Joe Weiss from are part of the team that has been working on bringing this organization and data base to life. Other easily recognized names behind this start-up include: John Cusimano, of exida, Eric Byres of Byres Security div. of Exida, Todd Stauffer, also of exida, Aris Espejo of Syncrude Ltd., Eric Cosman of Dow Chemical Company. To give a viable start to this project the RISI database was started with data from 150 cyber incidents that had been gathered by the Industrial Security Incidents Database (ISID) an academic project starting in 2001. This makes RISI currently the largest database of control system incidents. Those incidents include accidental cyber-related incidents, as well deliberate events such as external hacks, Denial of Service (DoS) attacks, and virus/worm infiltrations that did or could have resulted in loss of control, loss of production, or a process safety incident. While the Security Incidents Organization is a registered non-profit, it does have expenses to cover. There is an annual membership fee for full access to the RISI database, but in a remarkable marketing idea for a bunch of control geeks, they offer a free 3 month membership (or extension of membership) for each industrial cyber incident reported. Anyone that is responsible for an industrial control system (especially control systems at high-risk chemical facilities), or for security of the same, should visit the organization web site. A detailed exploration of the site would be well worth your time. I’m adding the site to my list of daily internet stops.

1 comment:

John Cusimano said...

Thank you for the publicity for our new project. A lot of people have been instrumental in making this possible. Notably absent from this post and someone who I would like to acknowledge is Mark Fabro of Lofty Perch. That said, being born is one accomplishment, but the real trick will be living a meaningful life and providing value to the community we serve. We are well aware that for RISI to be successful we will need to earn the trust and support of the community. This is why we are assembling a world-class team of advisers to guide us. The Advisory Board will be meeting regularly to review feedback from the community and help shape RISI. Please check the website regularly as, especially over the next few months, we expect things to be very dynamic. Thanks again for your help in spreading our announcement.

/* Use this with templates/template-twocol.html */