[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] Non-Profit Targets Cyber-Security in Plants
By Stephanie Neil
MA Editorial Staff
September 12, 2009
The move from proprietary, non-networked control systems in the plant to
off-the-shelf, open applications that share information across
industrial and business networks is a double-edged sword for
manufacturers. On one side, people are more productive; on the other
side, SCADA and process control systems are falling victim to hackers
and network viruses.
Getting a handle on how to manage cyber-threats, however, has always
been a bit tricky. Reporting an industrial incident to organizations
such as the government-backed CERT program, which tracks Internet and
network security attacks, accidents, and failures, could expose a
companyâs network vulnerability or create a legal liability. As a
result, many manufacturers keep a lid on their own security issues,
which limits knowledge sharing that could help the industrial community
as a whole.
Enter the Security Incidents Organization, a newly formed non-profit
group that provides public access to its Repository of Industrial
Security Incidents (RISI). Established in July, the group maintains an
industry-wide repository for collecting, investigating, analyzing, and
sharing critical information regarding cyber-security incidents that
directly affect SCADA and process control systems.
The RISI database dates back to 2001, when it was housed at the British
Columbia Institute of Technology (BCIT) as part of a research project
that was shut down in 2006. At that time, BCIT faculty member Eric Byres
purchased the database and continued to collect data on incidents. His
company, Byres Research, was acquired by safety and security services
firm exida earlier this year.
Please Donate to the Ron Santo Walk to
Cure Diabetes with Ethan's Crew!