Monday, August 15, 2011

Reporting Cybersecurity Incidents

The Repository of Industrial Security Incidents (RISI) is an independent organization that collects and analyzes information about, and reports on, cybersecurity incidents involving industrial control systems. This weekend they announced a new online incident reporting form that allows anonymous reporting of industrial control system security incidents.

There is no other organization (sorry, ICS-CERT) that has a similar mandate. Since this is a non-governmental organization, they have no way of requiring facilities to report these incidents. They rely on voluntary reporting and public news reports to maintain their database of industrial control system security incidents.

RISI provides an incentive for reporting incidents; they provide one month of free access to reports and information to anyone reporting an ICS security incident. This will, of course, require some self-identification, but RISI maintains strict confidentiality. They note on their web site that:

“All reporting to RISI is strictly confidential. The security of all submitted information is of critical importance to RISI and all sensitive references are removed (and not masked) so there is no risk to the contributor or company. In addition, the investigative database is not available on line so identity data is not at risk from cyber theft.”

I would like to urge all readers working in chemical facilities (and any other facility that uses industrial control systems) to utilize this new reporting form to report any industrial control system security incidents. If the incident is an apparent attack, by all means report to law enforcement authorities first, but please follow up with a report to RISI.
